Three agencies fall short in assessing IT supply chain risks

Thursday - 3/29/2012, 12:26pm EDT

Gregory Wilshusen, director of information security issues, Government Accountability Office

Download mp3

A recent Government Accountability Office report on IT supply change management revealed that three agencies had failed to take sufficient actions in reviewing supply chain risks for their internal department systems — the departments of Homeland Security, Energy and Justice.

"We compared what the federal guidelines that NIST (National Institute of Standards and Technology) had developed for agencies to identify and respond to these risks," said Gregory Wilshusen, GSA's director of information security issues.

Potential risks to agency IT equipment could include counterfeit parts, harmful or malicious software and the disruption in the production or distribution of critical products.

Wilshusen told The Federal Drive with Tom Temin and Emily Kopp that the report was not all bad news. The Department of Defense had made much greater progress in its review, implementation and methods for countering IT supply chain risks.

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.