Webinar: One Year In: The Executive Order and Securing Software Supply Chains

The One Year In: The Executive Order and Securing Software Supply Chains webinar, held on May 12, 2022, is now available for viewing. During the event, experts discussed the role of the software bill of materials (SBOM) in securing software supply chains as well as key insights from the latest Executive Order on Cybersecurity.

The entire event is available to view here: https://learn.atarc.org/e/315131/X0MyS0qfGBY/jq1p2/1760163334?h=6zjEdpU6R9W6cJWI_SSm4iNfw2nY26D7ngmVTkAIuLk

NASA Hosts April Supply Chain Integrity Month Conference

April 26, 2022
NASA Headquarters

On 26 April, NASA hosted the annual Supply Chain Integrity Month Conference at NASA Headquarters, bringing government and industry together on challenges and opportunities in the changing supply chain environment. NASA’s CIO presented welcoming remarks, and experts across the interagency discussed topics including public-private partnerships, EO 14028 and EO 14017 requirements, securing the software supply chain, software bill of materials, the identification of forthcoming recommendations and requirements resulting from the work performed under the EOs, a Proactive Supplier Engagement Process (PSEP), and global impacts of the disruption in Ukraine.

Podcast: Untangling the Supply Chain, Episode 1: How to Create a Global Supply Chain – and Keep it From Falling Apart

Source: Space and Satellite Professionals International (SSPI)
Listen to the Podcast here

When Airbus OneWeb Satellites began mass production of the OneWeb satellite constellation, it had to develop and manage a global supply chain that could operate at unprecedented speed to make possible the manufacturing of two satellites per day. In this first episode of the Untangling the Supply Chain podcast series, Airbus OneWeb Satellites Chief Supply Chain Officer John Meikle joins SSPI’s Robert Bell to explore how that chain was linked together and kept running – and how it copes with the major disruptions of 2020.

April is Supply Chain Integrity Month – NASA is Engaging the Interagency on the Theme ‘Identifying and Protecting NASA’s Crown Jewels through Resilient Partnerships’

Supply Chain Integrity Month will feature live sessions taking place at NASA HQ in Washington, DC in the James E. Webb Auditorium and virtually. The event is open to all Government and Industry personnel with an interest in Supply Chain Integrity. The audience will be a mix of NASA civil servants and contractors as well as some participants from NASA partner organizations (e.g. NOAA). In attendance will be those involved with supply chain, as well as Information System Owners (ISOs), Information System Security Officials (ISSOs), Chief Information Security Officers (CISOs) and acquisition professionals.

Topics that will be covered:

  • ICT SCRM Task Force (Public/Private Partnerships) 
  • EO 14028 – Requirements Panel 
  • EO 14028 – NASA Implementation Panel 
  • EO 14017 Panel – DoC, DoE, DoD, HHS
  • Securing the Software Supply Chain / SBOMs 
  • Partner Panel 
  • Supply Chain Security Working Group 
  • Responding to Supply Chain Compromises Panel

Source: Federal Business Council, Inc. (fbcinc.com)

One Year In: The Executive Order and Securing Software Supply Chains

In response to the Executive Order on Improving the Nation’s Cybersecurity published in May 2021, new mandates call for accelerating the adoption of secure open source software (OSS) and commercial off-the-shelf solutions to speed software delivery from years to minutes. Additionally, the National Institute of Standards and Technology (NIST) has provided updated guidance for strengthening the security of critical software purchased by U.S. federal government programs from industry software suppliers and partners. 

Join ATARC and government and private sector experts working across Federal defense agencies as they cover:

  • Key insights from the Executive Order on Cybersecurity
  • Latest directives from the DoD, NIST, and other Federal agencies on using and securing OSS
  • Role of the software bill of materials (SBOM) in securing your software supply chain

Register here: One Year In: the Executive Order and Securing Software Supply Chains – ATARC

National Supply Chain Integrity Month

Supply Chain Integrity Month | CISA

April is National Supply Chain Integrity Month. In partnership with the Office of the Director of National Intelligence (ODNI) and other government and industry partners, CISA is promoting a call to action to “Fortify The Chain” for a unified effort by organizations across the country to strengthen the global ICT supply chain.

Information and communications technology (ICT) products and services ensure the continued operation and functionality of U.S. critical infrastructure. However, recent software compromises and other events have shown the far-reaching consequences of these threats. When a supply chain incident occurs, everyone suffers: buyers, suppliers, and users.

As the nation’s risk reducer, CISA’s top priorities include securing the global ICT supply chain from the evolving risks of tomorrow. Every week, CISA is promoting resources, tools, and information, including those developed by the public-private ICT Supply Chain Risk Management (SCRM) Task Force. CISA themes for each week include:

  • Week 1: Power in Partnership – Fortify The Chain!
  • Week 2: No Shortages of Threats – Educate to Mitigate
  • Week 3: Question, Confirm, and Trust – Be Supplier Smart
  • Week 4: Plan for the Future – Anticipate Change

Use the hashtags #FortifyTheChain, #SupplyChainIntegrityMonth, or #SCRMTaskForce in your social media posts to raise supply chain awareness.

Managing Trustworthiness & Dependability of Systems Acquired Via Supply Chain

Presented by

Dr. Bill Curtis, Executive Director, CISQ | Robert Martin, Sr. Software and Supply Chain Assurance Principal Eng., MITRE

Register: Managing Trustworthiness & Dependability of Systems Acquired Via Supply Chain (brighttalk.com)

About this talk

Join the Consortium of Information and Software Quality (CISQ) on April 6th, 2022, 3:00pm CST – 4:00pm CST to learn how to manage the trustworthiness and dependability of systems acquired through your supply chain.

Learning Objectives:

  • Learn how to leverage CISQ measures to reduce risk in your contracts & SLAs
  • How to certify software and its level of risk
  • How to manage the quality of the software you are receiving from a supply chain
  • Learn about the use of Software Bill of Materials (SBOM) in a software supply chain

RSA Conference (RSAC) 2022

San Francisco, CA
June 6-9, 2022

The theme for RSAC 2022 is “Transform.” This conference offers a dialogue on the rapidly evolving information security industry by providing insight into trends and breaking news in information security. It is intended for military, government, academia, and industry information security experts.

Protecting Data & the Supply Chain
This track explores the cascading security requirements of the extended enterprise and the classification, tracking, and protection of data. It covers data protection regulations, DLP and threats to sensitive data, and emerging trends in software supply chain security as well as vendor and partner SLAs, supply chain mapping, continuous enforcement, and how to future-proof vendor contracts and risk assessments for evolving requirements.

For more information, follow these links:

2022 USA | RSA Conference
Trust, but Verify: Protecting Your Business from Supply Chain Attacks | RSA Conference

Cybersecurity Threats in The Cloud Software Supply Chain

January 20, 2022 — Cybersecurity Threats in the Cloud Software Supply Chain

Register now for ATARC’s Cybersecurity Threats in the Cloud Software Supply Chain event on January 20, 2022, from 1:30 PM – 2:30 PM ET. High-profile software supply chain attacks, such as SolarWinds and Kaseya VSA, have shed a glaring light on the disparity between agencies’ perceptions of security within their cloud infrastructure and the reality of supply chain threats that can impact business catastrophically. Tune in to this panel to hear what topic experts have to say on threat assessment within the cloud, and how the Executive Order impacted agencies’ cloud security practices. Register here.

SmallSat Symposium 2022

February 8-10, 2022 – Mountain View, CA

SmallSats now account for 97% of satellites launched and almost half of all upmass. With hundreds of SmallSat projects underway, this massive shift in satellite markets is poised to only accelerate in the near term.

The 2022 SmallSat Symposium brings together the leaders driving this change to identify critical trends and qualify disruptive technologies. An ideal environment for open communication, important networking and critical insight is a hallmark of this must-attend satellite industry event.

Supply chain will be discussed on the panel: Logistical Support and Integration Services for SmallSat Systems

Full agenda: AGENDA « SmallSat Symposium 2022 (smallsatshow.com)

Register: SmallSat Symposium 2022 (regfox.com)