Tech News, Magazine & Review WordPress Theme 2017
  • Supply Chain Updates
  • GLOBAL NEWS
  • REGIONAL NEWS
  • Industry Buzz
  • CURRENT ISSUES
No Result
View All Result
  • Supply Chain Updates
  • GLOBAL NEWS
  • REGIONAL NEWS
  • Industry Buzz
  • CURRENT ISSUES
No Result
View All Result
United States Supply Chain Management Council
No Result
View All Result
Home Supply Chain Updates

Supply Chain Security Requires Acquisition Reform, Security Experts Say

usscmc by usscmc
November 13, 2019
Supply Chain Security Requires Acquisition Reform, Security Experts Say
Share on FacebookShare on Twitter

The government can make significant progress in securing its IT supply chain by following a few basic procurement practices, but most agencies have yet to adopt them, according to federal security experts.

While government leaders have recently given a lot of attention to the supply chain security threats posed by foreign vendors, officials must devote equal energy to reforming their acquisition policies so they put those warnings to good use, experts said. Those efforts require an in-depth understanding of both the government’s IT infrastructure and the countless firms in its vendor pool, they said, but today that remains a challenge for most agencies. 

“Supply chain [security] is where we were with cyber[security] maybe 15, 20 years ago,” Michele Iversen, director of risk assessment and operational integration at the Defense Department, said Tuesday during a panel at Fifth Domain’s CyberCon event. “We really don’t really have the visibility that we need to know where the threats are and what’s actually happening.”

While it’s relatively easy to stay away from high-profile companies like Kaspersky Lab and Huawei, there are hundreds of thousands of firms that do business with the government, and still more that support those vendors. Each of those firms could pose a range of potential risks—from espionage threats to poor software development practices—and procurement officials don’t always know who to trust, panelists said.

During the event, they offered a few policies that could go a long way in addressing those risks.

In the case of the Defense Department, officials do a good job vetting vendors for critical projects like weapons systems, Iversen said, but they don’t always apply the same scrutiny to more standard purchases. Expanding basic due diligence practices across all acquisitions help agencies better understand the threats they face and work around them.

She also pushed agencies to more closely examine the companies that supply their vendors, and where their products originate. Much of that information is publicly available, she said, and her team is working to build a tool that would make that data more readily accessible.

John Boyens, acting deputy chief of the computer security division at the National Institute of Standards and Technology, said agencies must gain a more holistic understanding of the critical systems within their IT ecosystem and monitor how vendors access those technologies. Government contractors should also follow suit, he said.

“These are some of those best practices that if the entire supply chain used, it would plug up a lot of those holes,” Boyens said, adding that NIST plans to release a report on supply chain best practices “in the next few weeks.”

Iversen also encouraged procurement specialists to adopt software bills of materials for the tech they buy and create “common sense” policies for using foreign tech, like banning tools from state-owned companies from mission-critical operations. She also pushed the government to increase accountability for vendors that sell dubious tech.

Panelists also noted there are a handful of technology solutions that could improve supply chain risk management, but agencies have been slow to adopt them. In the years ahead, the government could use its purchasing power to further expand the marketplace for such tools.

“Industry is waiting for demand signals,” Boyens said. “We need to start asking for some of these things before industry will actually invest in them.”

usscmc

usscmc

No Result
View All Result

Recent Posts

  • Supply Chain Issues Delay Michigan Statehouse Welcome Center
  • Last Mile Delivery Market Size, Growth And Forecast
  • High shipping rates could increase inflation by 1.5%: IMF
  • Coast Guard responds to adrift cargo ship off California
  • Underinsurance as a Persistent Driver of Cross-Border Antibiotic Procurement in U.S. Border Communities

Recent Comments

  • Top 5 Supply Chain Certifications that are in high demand | Top 5 Certifications on Top 5 Globally Recognized Supply Chain Certifications
  • 3 Best Procurement Certifications that are most valuable | Procurement Newz on Top 5 Globally Recognized Supply Chain Certifications

Archives

  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • September 2019

Categories

  • Global News
  • Supply Chain Updates

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
United States Supply Chain Management Council

Categories

  • Global News
  • Supply Chain Updates

Tags

APICS Globally Recognized Supply Chain Certifications IIPMR Certifications International Institute for Procurement and Market Research (IIPMR) ISM Next Level Purchasing Top 5 Supply Chain Certifications top supply chain certifications

Trending

No Content Available
  • Privacy Policy
  • Terms of Use
  • Antispam
  • Disclaimer
  • Contact Us

© 2022 www.usscmc.com

No Result
View All Result
  • Supply Chain Updates
  • GLOBAL NEWS
  • REGIONAL NEWS
  • Industry Buzz
  • CURRENT ISSUES

© 2022 www.usscmc.com

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT