Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
- Veterans in Private Sector: Making the Transition
Shows & Panels
ELC 2010: How to secure software
Monday - 10/25/2010, 10:15am EDT
Federal News Radio
With heavy reliance on the private sector for purchasing software, agencies could be opening themselves for security risks.
"There's a growing realization that within our supply chain , as we bring things in, that we're often unaware of what's in that supply chain and how it affects us. In particular, we're building components that are easily exploitable," Joe Jarzombek, director for software assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security.
Jarzombek spoke with Federal News Radio's Tom Temin at the Executive Leadership Conference.
Agencies must enhance their due diligence, looking at not only who produces the product but how they produce it and how they manage the product throughout the supply chain.
"It's not just what one individual company does," Jarzombek said.
DHS uses due diligence questionnaires to try to find out who is handling the product. However, in a global economy, tracking the sources of a product becomes very difficult. Some countries might represent a "more malicious intent," but the location alone does not tell everything about the product's security, Jarzombek said.
Hardware, too, is becoming a focus of security threats. A survey by the Commerce Department found that nearly 40 percent of DoD's supply chain entities discovered counterfeit electronics between 2005 and 2008.
Jarzombek said the supplier alone is not to blame for security risks. Departments throughout agencies are responsible, too.
"It's a life cycle perspective, in development, acquisition and use," he said.