Azmi: Supply chain forgotten element in cybersecurity

Tuesday - 9/21/2010, 5:42pm EDT

Zal Azmi, SVP, CACI Cyber Solutions Group

Click to hear the interview

Download mp3

By Olivia Branco
Federal News Radio

You're probably aware of cybersecurity issues when it comes to your organization or agency.

But what about those same threats only at an even larger level?

CACI International and the U.S. Naval Institute released a report national security and assessing cyber threats specifically on global supply chains.

The report, called "Cyber Threats to National Security: Countering Challenges to the Global Supply Chain" provides recommendations to better understand and prepare for cyber threats.

The senior vice president of CACI's Cyber Solutions Group and former FBI Chief Information Officer, Zal Azmi, joined Francis Rose on In Depth with Francis Rose to discuss the report as well as what was discussed at the recent Cyber Threats symposium, which focused on supply chains.

Azmi explained that they wanted to focus on supply chains mainly because they weren't getting the attention.

"We thought if we bring a group of folks together and actually tee up some ideas and points of discussion, we may raise the level of awareness for our audience and the nation as a whole. That's why this report was published."

Azmi said there are two things to worry about in cyber space: actors and attack vectors.

"Supply chain is one of those attack vectors that we need to worry about," Azmi said. "The idea is that every thing we deal with if it's goods or information technology, we need to ensure its security from end to end. If you're looking at the technology of a supply chain then we're looking at the design of a chip, to manufacturing to transport to installation to operation and maintenance. At any given time, this computer equipment or this chip or this software is open to intrusions so we must provide end to end security for it."

While Azmi recognized the large scale of the protecting national security, he noted that we need to be taught about cyber threats at a young age.

"I think this level of awareness and communication needs to start in elementary school," Azmi said, "because I'd like to say everyone is armed today. Every one you see has a cell phone and a cell phone has an IP address, and every device with an IP address is a point of entry or intrusion into our network because we are so well-connected and we communicate so well to each other so therefore we need to start this education as early as possible."

Azmi suggested that parents should teach their children what having a cell phone really means.

"You probably know that we have laws around carrying guns, sooner or later we're going to have to worry about the software that we load onto these devices, or the software that our kids can download to these devices. We have to worry about that. It's not about grownups now, it's about the entire population of the world that has a digital device attached to their hip."

The symposium and report offered four recommendations in order to "advance the national understanding of cyber threats in general and supply chains threats in particular".

The report says that the U.S. must:

  • Ensure the nation is prepared to react to and preempt cyber attacks
  • Make supply chain security part of the establishment of an overall cyber intelligence capability
  • Develop the ability to build a limited number of computer and communication systems that are absolutely certain to be secure
  • Carry out a sustained strategic communications campaign to provide the public with a realistic appreciation of the cyber threat

Azmi explained that if he had to choose one of the recommendations to start with, it would be the fourth.

"It is the quickest, it is the fastest, it's the easiest to implement with a huge return on investment," Azmi said, "because we need to inform the nation of the challenges that we have with cybersecurity and prevent some of the basic intrusions into our systems."

Azmi noted the positives of the federal cybersecurity community saying that good things are in fact happening.

"Howard Schmidt being in the White House, he knows what his role is and he has a deputy that is very capable. I think that General (Keith) Alexander heading the cyber command is a great positive step. Homeland Security knowing exactly what their roles and responsibilities are."

He also noted that we can never really stop paying attention to cyber security though.

"I think these are all examples of good progress we are making. But this is an environment that has no bounds, cyber is constantly changing, and we need to remain agile and change with it as quickly as possible."