NRMC: Vulnerability Awareness, Partnership Essential to ICT Supply Chain Security

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among them is putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats.

That was the word from Mara Winn, Associate Director of CISA’s National Risk Management Center (NRMC), who provided updates on the NRMC’s work at FCW’s NASA SEWP SCRM Hybrid Forum 2022 on May 24.

Having a common language on security then allows organizations to have an “apples-to-apples conversation with your vendors” that are especially useful because different groups have different tolerance for risk, she said.

Winn also emphasized the importance of agencies constantly looking for where threats are coming from, and understand the trustworthiness of their own supply chain. She highlighted that everyday risks to the supply chain are “more than just ships having trouble in ports.”

Source: NRMC: Vulnerability Awareness, Partnerships Essential to ICT Supply Chain Security – MeriTalk

New Guide Released on Healthcare Cyber Supply Chain Risk Management

On the heels of a federal agency alert on managed service provider (MSP) attacks, the Cloud Security Alliance released a new white paper to support cybersecurity risk management across the healthcare supply chain.

Developed in collaboration with the Health Information Management Working Group, the report details best practice measures for healthcare delivery organizations to manage the range of risk posed by the sector’s heavy reliance on third-party vendors and other partners, such as food suppliers, medical device vendors, pharmaceuticals, and the like.

Source: Alliance targets healthcare supply chain cybersecurity risk management in new guide (scmagazine.com)

FDA Urges Drug Manufacturers to Develop Risk Management Plans to Promote a Stronger, Resilient Drug Supply Chain

For Immediate Release: May 19, 2022
Statement From: Patrizia Cavazzoni, M.D., Director – Center for Drug Evaluation and Research

Drug shortages pose a significant public health threat as they can delay, and in some cases, even deny critically needed care for patients. Over the past decade, the FDA’s efforts have contributed to fewer new drug shortages and reduced the time to resolve existing drug shortages. This is due, in part, to authorities the agency now has, including those added by the Food and Drug Administration Safety and Innovation Act

To further assist manufacturers with these requirements, we are issuing a draft guidance, Risk Management Plans to Mitigate the Potential for Drug Shortages, intended to help with the development, maintenance and implementation of risk management plans.

The draft guidance describes a framework for stakeholders to consider when developing risk management plans that aligns with principles stated in the International Council for Harmonisation guidance for industry, Q9 Quality Risk Management, and identifies risk factors to consider when developing the content of risk management plans. The steps needed to reduce risks of a disruption in drug supply may vary among the different manufacturers in the supply chain for a given drug. 

Source: FDA Urges Drug Manufacturers to Develop Risk Management Plans to Promote a Stronger, Resilient Drug Supply Chain | FDA

Using Tech to Build Supply Chain Resilience in a Changing World

Source: Using Tech to Build Supply Chain Resilience in a Changing World (entrepreneur.com)

Proper supply chain management is critical to smooth business operation, agility and profitability. Beyond coordination, resilience is a key quality required for supply chain management.

Covid-19 related supply chain disruptions have affected most industries. Vast numbers of companies across the globe experienced troubles during Covid-19, impacting shipment timing, costs, efficiency and revenues. These impacts highlight the importance of building a supply chain that can weather a storm and be capable of quick recovery.

Webinar: What the Satellite Industry Needs to Know About CMMC: Preparing for a Successful CMMC Assessment, Defining Terms and What to Expect

The Satellite Industry Association (SIA) will hold a webinar on Thursday, July 14 at 11:00 am (Eastern time) on “What the Satellite Industry Needs to Know About CMMC: Preparing for a Successful CMMC Assessment, Defining Terms and What to Expect.”

Satellite companies, along with the entire Defense Information Base, will soon need to be Cybersecurity Maturity Model Certification (CMMC 2.0) accredited to be eligible for U. S. Department of Defense (DoD) awards.

Is your company prepared?  This webinar will identify the key considerations a company should be mindful of prior to beginning the CMMC process.  

For more information, see www.sia.org

Economy Could Dampen Growth of Space Industry

Economy could dampen growth of space industry
Source: Space News
Published: May 26, 2022
 
Broader economic issues as well as the performance of some space companies could slow the growth of the industry in the next few years, executives warn. During a panel discussion at the Space Tech Expo May 25, Lars Hoffman, senior vice president of global launch services at Rocket Lab, warned that the industry is not immune from broader economic issues like supply chain disruptions, inflation and growing concerns about a recession. “We’re seeing right now a bit of a chilling going on within the industry,” he said. “This heating up of the market that we saw in the last couple of years when times were a little bit better, COVID excepted, is starting to level off a little bit.”

Nations Aim to Secure Supply Chains by Turning Offshoring Into ‘Friend-Shoring’

U.S. officials and allies around the world are looking to establish friendly supply routes for key goods amid a war and global pandemic

Source: Wall Street Journal
Nations Aim to Secure Supply Chains by Turning Offshoring Into ‘Friend-Shoring’ – WSJ

As war and the pandemic expose the fragility of supply chains, the U.S. and its allies are pursuing a new kind of global trade, one that confines commerce to a circle of trusted nations. Fans call the shift “friend-shoring.”

The new strategy is a departure from economic globalization of recent decades, when businesses bought and made products where costs were low and free-trade policies made moving goods around the world cheaper and faster.

Now, U.S. officials and their allies in Europe, Asia and the Pacific are promoting and funding new production and trading channels for essential goods that run though friendly nations. Companies including Samsung Electronics Co. and Gap Inc. are tapping into this trend. It comes after a series of disruptions, including the Covid-19 pandemic, Russia’s invasion of Ukraine, and a trade war between the U.S. and China.

Promoters of friend-shoring see it as a chance to revamp global supply chains to reduce their reliance on countries with autocratic governments and nonmarket economies, namely China and Russia. They say it is a compromise between full-fledged globalization and isolationism, and between offshoring and domestic production.

Efforts are already under way in industries including semiconductors and rare-earth metals, a crucial input for electric vehicles and missiles. Private companies are joining the fray as well, moving to increase production in countries they see as carrying relatively low political and logistical risk.

Podcast: Untangling the Supply Chain, Episode 3: Satellite Solutions for Supply Chain Woes

Communication and earth observation satellites play an essential but too-little-known role in managing the world’s supply chains. The solutions call on spacecraft in every orbit, carrying every payload and operating in every commercial frequency band. They also call on the ingenuity and determination of experts in engineering, manufacturing, operations and analytics to provide the crucial data and communications that help their customers keep the world supplied.

In this podcast, based on the May 12 Webinar: Satellite Solutions for Supply Chain Woes, Space & Satellite Professionals International (SSPI) Robert Bell is joined by Matt Desch, CEO, Iridium Communications, Inc.; Nicole Robinson, President, Ursa Space Systems; and Jean-Michel Rouylou, Head of Enterprise and Broadband, ST Engineering iDirect to discuss satellite’s vital role in world trade and the global opportunities the industry’s unique technologies are able to tap.

Listen to the Podcast: Space & Satellite Professionals International | Making Leaders Podcast: Untangling the Supply Chain, Episode 3 – Satellite Solutions for Supply Chain Woes (sspi.org)

Webinar: One Year In: The Executive Order and Securing Software Supply Chains Webinar

One Year In: The Executive Order and Securing Software Supply Chains Webinar held on May 12, 2022 is now available for viewing. During the event, experts discussed the role of the software bill of materials (SBOM) in securing software supply chains as well as key insights from the latest Executive Order on Cybersecurity.

The entire event is available to view here: https://learn.atarc.org/e/315131/X0MyS0qfGBY/jq1p2/1760163334?h=6zjEdpU6R9W6cJWI_SSm4iNfw2nY26D7ngmVTkAIuLk

Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects


Source: The Hacker News
Published: May 13, 2022
 
Google has announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine “whether a vulnerability in a dependency might affect your code.” “With this information, developers can understand how their software is put together and the consequences to changes in their dependencies,” the company said. The development comes as security and trust in the open source software ecosystem has been increasingly thrown into question in the aftermath of a string of supply chain attacks designed to compromise developer workflows.

Source: Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects