Supply chain can simply be defined as the network between a company and its suppliers to distribute a product to a final buyer. Although this definition may be simple, supply chains are extremely complex from a security perspective. This complexity leaves the opportunity for hackers to enter systems potentially causing major security damage to any entity. Articles by Derek B. Johnson from The Business Federal Technology, Dwight Weingarten from MeriTalk and Jeff Moore from Federal News Network give insight into supply chain vulnerability and what’s being done to make improvements,
Within the last few months, supply chain cyberattacks have been exceedingly persistent from foreign nations pertaining to the U.S. election and COVID-19 vaccine research. According to the director of the National Counterintelligence and Security Center (NCSC), around $500 billion is lost annually just from China’s economic espionage. In order to combat these constant threats, the NCSC suggests having not only a strong critical infrastructure, but a secure supply chain as well to ensure data safety.
Although foreign interference is a major threat to supply chain, domestic entities such as resellers can be extremely harmful as well. Federal agencies often use reseller channels to support government components. The major issue with resellers is they often do not have the resources to combat threats aimed at supply chain. In addition, government agencies often do not get proper authentication when working with a reseller. The combination of these two security breaches leaves the federal supply chain vulnerable.
Supply chain vulnerability has not been left unnoticed by the U.S. government. In fact, the Cybersecurity & Infrastructure Security Agency (CISA) is planning to improve its data analytics capabilities to help government agencies and the private sector achieve supply chain security. CISA’s data improvement mission is two-fold: push blocking capabilities an enhance cyber risk management. Although it will take years for the CISA to fully implement this project, the agency is actively making investments to move forward. The mission towards securing supply chain is in full force.
“CISA’s ‘next frontier’ around cyber data analytics” – Derek B. Johnson, The Business of Federal Technology
- The CISA is planning to improve its data analytics capabilities to help government agencies and the private sector
- The CISA’s mission is two-fold: push blocking capabilities and enhance cyber risk management analytics
- Although it will take years to complete this project, the CISA is actively making investments to move forward
IC Leader Details Present and Future Cyber Threats – Dwight Weingarten, MeriTalk
- There are ongoing efforts from foreign nations to interfere with the U.S. election and vaccine research through penetrating the supply chain
- $500 billion is lost annually due to China’s economic espionage, according to William Evelina, the director of NCSC
- Threats to critical infrastructure and supply chain go hand-in hand
Securing the supply chain at its most vulnerable: The reseller channel – Jeff Moore, Federal News Network
- Resellers often do not have the resources to combat threats aimed at its supply chain
- Agencies must verify authorization of the reseller to ensure security
- Securing the federal IT supply chain needs to be a collaborative effort consisting of developing a database of repeat attackers and tracking