Supply Chain Cyber Security is the process of identifying supply chain cybersecurity risks, understanding them, developing controls to minimize or eliminate them, and developing response strategies in case of a cyber attack. Supply chains are larger, more complex, more interconnected and more globalized than ever before, which makes them vulnerable to cyber attacks, since a single compromise can affect multiple companies simultaneously.
Magnus leadership has actively participated in multiple panels discussing supply chain cybersecurity with key government and industry leadership. Some of the panels are:
Supply Chain Cybersecurity Panel at 2023 Homeland Security Conference – July 18-19 2023
When folks think about cybersecurity, they most often think of securing their networks, software, and digital assets against cyber-attacks and data breaches. But the supply chain, whether a traditional manufacturer's or service provider's supply chain or the "data supply chain" relied on by most companies, is also vulnerable to security risks, as has been seen in a litany of major data breaches via third parties.
The concept of supply chain is associated with the ability to effectively orchestrate multiple vendors to deliver a final product or service. The complementary adoptions of low-cost interoperable technologies, alongside rapid innovations in physical and virtual systems/applications, now comprise the core risk drivers of today’s public and private sector supply chains. Every company large and small in the DIB has a place in the supply chain, and supply chains are evolving to be as much about the flow of information as they are about the flow of goods and services.
As part of this panel, we are looking to address some key concerns like:
Will CMMC limit the risks of the information supply chain?
Will CMMC protect the Cyber Supply Chain it can’t see?
How to address the Software Bill of Materials (SBOM) listed in the EOP?
Over the past 20 plus years, Information Security, Information Assurance and now Cyber Security have increasingly become an exercise in managing risk, to the point of almost abandoning the mitigation of vulnerabilities. Relying organizations and consulting professionals have focused on using legacy techniques and stacking redundant symmetric authentication factors to avoid meaningful change. Security by obscurity, which has failed in the past, has once again become good enough to satisfy risk management objectives. The result is that we continue to conduct business online without confidence that the online credentials being used are accurately associated with a specific entity. We still offer little or no mechanism to confidently tell the difference between legitimate and illegitimate parties/entities transacting, while agreeing that they are the largest vulnerability. "On the Internet, nobody knows you're a dog." [The Peter Steiner cartoon is reproduced from page 61 of the July 5, 1993 issue of The New Yorker (Vol. 69 (LXIX), no. 20) only for academic discussion, evaluation and research, and complies with the copyright law of the United States as defined and stipulated under Title 17 U.S. Code.]
The DoD is implementing a Cybersecurity Maturity Model Certification (CMMC) that offers a consistent roadmap for the Defense Industrial Base (DIB), and beyond, to mature its overall cybersecurity capabilities in a proactive way, in order to enhance their business case and protect their brand while protecting our Nation's economy and security. This session will challenge the .gov community at large and its associated supply chain to "move forward" by embracing the CMMC model, and will provide some incremental actions that can be taken to make this journey an integrated business initiative. This is particularly important when doing business under a lowest price technically acceptable source selection process. The presentation will provide an overview of CMMC and how it puts a better focus on existing FAR requirements, and will provide guidance, particularly for small and medium size businesses that desire to do, or continue to do, business with the Federal Government. It also addresses public companies that will need guidance to meet the growing SEC requirements related to cybersecurity governance. The presentation will also introduce educational initiatives AFCEA is pursuing to achieve a cyber secure ecosystem.
Knowledge Base & Resources
Whitepaper on Supply Chain Cybersecurity
Supply Chain Cybersecurity covers a complex set of everyday operating issues affected by a network of known and unknown connections, services and components. This paper provides a strategic overview of supply chain cyber issues from the perspective of vendor operational security. We examine the accelerating escalation of supply chain risks, leading to the 2021 executive orders and vendor cyber certification requirements. Concise recommendations and links to frameworks and self-assessment resources provide a starting point for the journey to a healthier supply chain.