Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Monday - Friday, 6-9 a.m.
Hosts Tom Temin and Emily Kopp bring you the latest news affecting the federal community each weekday morning, featuring interviews with top government executives and contractors. Listen live from 6 to 9 a.m. or download archived interviews on our daily show blogs.
ELC 2010: How to secure software
Monday - 10/25/2010, 10:15am EDT
Federal News Radio
With heavy reliance on the private sector for purchasing software, agencies could be opening themselves for security risks.
"There's a growing realization that within our supply chain , as we bring things in, that we're often unaware of what's in that supply chain and how it affects us. In particular, we're building components that are easily exploitable," Joe Jarzombek, director for software assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security.
Jarzombek spoke with Federal News Radio's Tom Temin at the Executive Leadership Conference.
Agencies must enhance their due diligence, looking at not only who produces the product but how they produce it and how they manage the product throughout the supply chain.
"It's not just what one individual company does," Jarzombek said.
DHS uses due diligence questionnaires to try to find out who is handling the product. However, in a global economy, tracking the sources of a product becomes very difficult. Some countries might represent a "more malicious intent," but the location alone does not tell everything about the product's security, Jarzombek said.
Hardware, too, is becoming a focus of security threats. A survey by the Commerce Department found that nearly 40 percent of DoD's supply chain entities discovered counterfeit electronics between 2005 and 2008.
Jarzombek said the supplier alone is not to blame for security risks. Departments throughout agencies are responsible, too.
"It's a life cycle perspective, in development, acquisition and use," he said.