Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Monday - Friday, 6-9 a.m.
Hosts Tom Temin and Emily Kopp bring you the latest news affecting the federal community each weekday morning, featuring interviews with top government executives and contractors. Listen live from 6 to 9 a.m. or download archived interviews on our daily show blogs.
ELC 2010: How to secure software
Monday - 10/25/2010, 10:15am EDT
Federal News Radio
With heavy reliance on the private sector for purchasing software, agencies could be opening themselves for security risks.
"There's a growing realization that within our supply chain , as we bring things in, that we're often unaware of what's in that supply chain and how it affects us. In particular, we're building components that are easily exploitable," Joe Jarzombek, director for software assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security.
Jarzombek spoke with Federal News Radio's Tom Temin at the Executive Leadership Conference.
Agencies must enhance their due diligence, looking at not only who produces the product but how they produce it and how they manage the product throughout the supply chain.
"It's not just what one individual company does," Jarzombek said.
DHS uses due diligence questionnaires to try to find out who is handling the product. However, in a global economy, tracking the sources of a product becomes very difficult. Some countries might represent a "more malicious intent," but the location alone does not tell everything about the product's security, Jarzombek said.
Hardware, too, is becoming a focus of security threats. A survey by the Commerce Department found that nearly 40 percent of DoD's supply chain entities discovered counterfeit electronics between 2005 and 2008.
Jarzombek said the supplier alone is not to blame for security risks. Departments throughout agencies are responsible, too.
"It's a life cycle perspective, in development, acquisition and use," he said.