Since the onset of the COVID-19 pandemic, China has pursued a strict zero-COVID policy, employing draconian containment measures to limit transmission. This approach has limited fatalities but also severely impacted China’s economy, ensnarled global supply chains and —this past week — has fostered some of China’s most-visible protests and public dissent in years.
Russian Software Pushwoosh Highlights Need for Vigilance on Foreign Ownership Risks in Supply Chain
This week’s disclosure of a Russian firm masquerading as an American company highlights yet again the potential security concerns hidden within software supply chains.
The company, Pushwoosh, provides coding language and data processing for companies building software applications. Its code allows software developers to track and profile app users to customize the notifications they receive.
While Reuters’ exclusive story noted Pushwoosh’s integration with the Centers for Disease Control and Prevention (CDC), that agency was far from alone. Interos’ own analysis has identified additional industries and countries most at-risk of exposure to Pushwoosh code and potential data breaches.
Beyond Cybersecurity Frameworks
The last couple of years have been filled with what seems like countless high-profile cyber attacks — SolarWinds and Colonial Pipeline immediately come to mind.
Add to that the top six breaches that occurred in the U.S. and other countries in the first six months of this year, and we can see that hacks, scams, breaches and ransomware are the norm, not the exception. Although the U.S. government is doing its part to offer executive guidance and create meaningful security frameworks to combat new and ongoing threats, the onus must fall on the private sector to adopt, manage and revisit their security best practices if we are to get ahead of constantly evolving cyber threats.
When will SBOMs finally benefit the federal government’s software supply chain?
Software bill of materials (SBOMs), an ingredient list for software, are going to finally provide missing foundational information on software consumption so federal agencies can improve their software supply chain security … someday. To be sure, the Commerce Department has nurtured an SBOM-interested community for years and those efforts have benefited many industries, especially medical device companies. A recent executive order singled out the utility of SBOMs.
‘It has to work’: Inside the military’s race to solve an ejection seat safety conundrum
WASHINGTON — It was during a routine inspection in April that an Air Force technician found a single faulty Cartridge Actuated Device in the ejection seat of an F-35 at Hill Air Force Base, Utah. The device — known colloquially as CAD — contained no magnesium powder, a necessary material for generating the explosive charge that allows a pilot to begin ejecting from an aircraft.
At first, the potential issue was believed to be confined only to the F-35. By late July, however, the problem appeared more widespread, potentially impacting hundreds of aircraft across the US military’s tactical and training jet inventory that use ejection seats made by Martin-Baker, the UK-based firm that is one of two suppliers of ejection seats for the Defense Department.
Space Development Agency’s first launch slips due to supply chain setbacks
WASHINGTON — The first launch of the Space Development Agency’s low Earth orbit satellites that had been scheduled for late September is slipping to no earlier than mid-December.
Speaking at the Washington Space Business Roundtable Sept. 14, SDA Director Derek Tournear said the launch of the agency’s Tranche 0 satellites had to be delayed due to supply chain problems that have affected all vendors in the program.
The 28 satellites in Tranche 0 include 20 communications payloads made by Lockheed Martin and York Space; and eight missile-tracking infrared sensor satellites made by SpaceX and L3Harris.
OMB Issues Marching Orders for Secure Software Push
The Office of Management and Budget (OMB) today issued marching orders to Federal agencies to take action to comply with National Institute of Standards and Technology (NIST) guidance for the use of secure supply chain software, as ordered by President Biden’s cybersecurity executive order issued in May 2021.
GSA’s Hale Points to Zero Trust, Cloud Work for FY2023 Priorities
Lawrence Hale, who recently took over as Acting Deputy Assistant Commissioner for Category Management, Office of Information Technology Category at the General Services Administration’s (GSA) Federal Acquisition Service, explained today that his office’s fiscal year 2023 priorities focus on helping Federal agencies work toward easier cloud service adoption and continued progress in zero trust security migration.
NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers today. The product is through the Enduring Security Framework (ESF) — a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance addressing high priority threats to the nation’s critical infrastructure.
The importance of managing risk in the supply chain
Avetta urges companies to prioritize eliminating cybersecurity risks, which could otherwise have devastating effects on their supply chain. According to Avetta, 85% of companies experience at least one interference in their supply chain every year. From financial instability to data threats, greenhouse gas emissions to incidents on site, supply chains face constant threats.