The Department of Commerce is proposing new safety criteria for connected software to help better secure information and communications technology and services (ICTS) supply chains, including potential third-party audits of connected software and ICTS transactions, according to a proposed rule posted to the Federal Register Nov. 26.
Learning from supply disruptions caused by SARS-CoV-2: use of additive manufacturing as a resilient response for public procurement
The SARS-CoV-2 pandemic has had severe effects on economies worldwide and, in particular, on public institutions that must keep their operations running while supply chains are interrupted. The purpose of this study is to examine how public institutions act during a pandemic to ensure the security of supply.
Third Party Risk Management and Cyber Supply Chain Risk Management
Today’s business environment continues to be a challenge. Businesses whether small, or large leverage third-party vendors to provide critical services like data handling (security, transmitting, and storage), cloud storage/applications, and systems security monitoring.
Each business must ask themselves a few simple questions about one of their most valuable assets “Data”. If or when it leaves your secure working environment:
- How secure is your customer data in transit and storage?
- Do your third-party vendors handle your “critical information”?
- Provide a secure environment for processing?
- Comply with a proven Cyber Security Framework?
- Perform a “Due Diligence” on-boarding step for the Nth vendors (how many vendors handles your specific data) in your cyber supply chain?
- Follow security agreements and service level agreements catered to information security?
- Ensure data privacy is an important element of their InfoSec Program?
Bipartisan Bill Introduced to Strengthen U.S. Supply Chains
Bipartisan legislation was introduced in the House last week to boost U.S. supply chains and foster domestic manufacturing of “critical goods” by creating a Supply Chain Resiliency and Crisis Response Office in the Department of Commerce.
The Building Resilient Supply Chains Act was introduced by Rep. Tom Malinowski, D-N.J., along with Reps. Adam Kinzinger, R-Ill., and Lisa Blunt Rochester, D-Del.— members of the House Committee on Energy and Commerce.
In addition to creating the supply chain office within Commerce, the bill would authorize $45 billion for the office to create grants and loans that support the “expansion of domestic manufacturing of critical goods and services, industrial equipment, and manufacturing technology.
Cybersecurity: Biden Cyber Officials Back Breach Incident Reporting Mandate
The head of the U.S. cybersecurity enforcement agency “is a huge supporter” of bipartisan legislation to mandate that operators of critical infrastructure report data breaches to the government.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said she backs draft legislation from the Senate Homeland Security and Governmental Affairs Committee to require certain private companies, federal agencies and government contractors to report cyberattacks to the agency.
The proposed legislation is partly in response to a surge of major cyberattacks that targeted government agencies and critical industries, including Colonial Pipeline Co. and meat producer JBS SA. The hacks increased pressure on the Biden administration to bolster U.S. cyber defenses and fueled calls for federal legislation to require companies to share incidents with the federal government to assist in response and recovery.
CISA, FBI, AND NSA RELEASE CONTI RANSOMWARE ADVISORY TO HELP ORGANIZATIONS REDUCE RISK OF ATTACK
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware.
CISA and the FBI have observed over 400 attacks using Conti ransomware against U.S. and international organizations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds from a successful attack..
Americans Have No Idea What the Supply Chain Really Is
At this point, the maddeningly unpredictable Delta variant has changed the expected course of the coronavirus pandemic so much that it can be hard to know exactly what you’re waiting for, or if you should continue waiting at all. Is something like before-times normalcy still coming, or will Americans have to negotiate a permanently changed reality? Will we recognize that new normal when it gets here, or will it be clear only in hindsight? And how long will it be before you can buy a new couch and have it delivered in a timely manner?
How the Covid-19 pandemic has affected, and will affect, operations and supply chain management research and practice
The Covid-19 pandemic has caused significant impacts at all levels – societal, organizational and personal. At the time of writing, there has been a significant death toll worldwide with many nations still gripped by restrictions put in place to mitigate the impact of the virus. Some countries are beginning to recover, although the impacts will be felt for many years. Rather than writing a reflection piece on the EurOMA conference that was held virtually in 2020, we thought it best to consider how the pandemic has impacted research and practice in operations and supply chain management (OSCM).
USG Warns Of ‘Critical’ Vulnerability That Poses ‘Serious Risk’ To Defense Contractors, Others
WASHINGTON: The US government issued a joint advisory Thursday warning of the ongoing “active exploitation” of a “critical” vulnerability in a popular password management solution, which “poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software.”
A Cybersecurity and Infrastructure Security Agency (CISA) official told Breaking Defense after this report’s original publication, “As exploitation of this product can lead to full identity compromise, CISA is taking this vulnerability very seriously and requests information from any organizations that may have been impacted.”
Cyber Supply Chain Risk Management C-SCRM Software and Supply Chain Assurance Forum
Forums are held several times a year and are FREE and OPEN TO THE PUBLIC; registration is required.
Our next SSCA Forum Virtual Event will be held on Wednesday, September 22nd at 10:30 am to 1:00 pm Eastern Time. We have a great line-up of speakers and you will not want to miss this Forum. Our first two sessions feature talks from officials from the Israeli and United Kingdom Governments, respectively. This will be followed by two sessions focused on the telecommunications sector. The agenda, below, provides additional details about the speakers and their topics. We hope you can join us!