Government needs more risk management across cyber supply chain, report says
Wednesday - 2/15/2012, 10:33am EST
The new cybersecurity bill introduced in the Senate on Tuesday would order agencies to make sure they buy genuine products from vendors with a secure supply chain. Last year's Defense Authorization bill also emphasizes supply chain security. The Obama administration has called for stricter procurement measures in the Comprehensive National Cybersecurity Initiative.
Now a collaboration between academia and NIST has produced a plan for supply chain policy.
The University of Maryland has published a report, in collaboration with NIST, on how the government and industry are addressing the cyber supply chain challenge.
"We know that accelerating globalization and outsourcing of both software code and hardware production is presenting tremendous assurance challenges to the government and to the vendor community," said Sandor Boyson, co-director and research professor of supply chain management at the University of Maryland, in an interview with The Federal Drive with Tom Temin.
In their first phase of research, NIST and the university found that nearly half of 200 federal IT vendors surveyed did not have any kind of risk management mechanism in place. The results, Boyson said, were "quite disturbing."
In the past couple of years, industry has increased focus on risk management internally and in acquisition, but Boyson said more focus needs to be dedicated to "enterprise risk management across the supply chain."