“Supply chain security threats will receive more direct attention in 2020, culminating with guidance from the newly-created Federal Acquisition Supply Chain Council, according to the federal government’s top cyber official.”
“The council, created in late 2018 under the SECURE Technologies Act, is comprised of various high-level officials from the intelligence community, civilian agencies and the Pentagon, and charged with collecting supply chain threat data from agencies and providing them guidance in addressing such threats.”
“Speaking Tuesday at an event hosted by Nextgov and Defense One, Federal Chief Information Security Officer Grant Schneider previewed what to expect from the council—which he chairs—in the coming year. Chief among them, Schneider said, is providing guidance to federal agencies legally obligated to create supply chain risk management programs.”
“‘The law says each agency needs a program and we need to give them guidance,’ Schneider said. ‘We need to figure out what information we need to collect around supply chain risk management and where to have that information shared from.’”
“Schneider added that it is ‘getting harder and harder in the global economy to understand’ where the components in IT systems come from. Agencies must grapple with ‘what’s inside the box, who built it, what was their intent,’ and whether a nation-state actor could exert control over it.” Read the full article here.
Source: Federal CISO: Better Info Sharing Will Lead to More Secure Supply Chain – By Frank Konkel, November 19, 2019. Nextgov.