ELC 2010: How to secure software
Monday - 10/25/2010, 10:15am EDT
Federal News Radio
With heavy reliance on the private sector for purchasing software, agencies could be opening themselves up to security risks.
"There's a growing realization that within our supply chain, as we bring things in, that we're often unaware of what's in that supply chain and how it affects us. In particular, we're building components that are easily exploitable," said Joe Jarzombek, director for software assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security.
Jarzombek spoke with Federal News Radio's Tom Temin at the Executive Leadership Conference.
Agencies must enhance their due diligence, looking at not only who produces the product but how they produce it and how they manage the product throughout the supply chain.
"It's not just what one individual company does," Jarzombek said.
DHS uses due diligence questionnaires to try to find out who is handling the product. However, in a global economy, tracking the sources of a product becomes very difficult. Some countries might represent a "more malicious intent," but the location alone does not tell everything about the product's security, Jarzombek said.
Hardware, too, is becoming a focus of security threats. A survey by the Commerce Department found that nearly 40 percent of DoD's supply chain entities discovered counterfeit electronics between 2005 and 2008.
Jarzombek said the supplier alone is not to blame for security risks. Departments throughout agencies are responsible, too.
"It's a life cycle perspective, in development, acquisition and use," he said.