A Department of Defense task force concluded in 2018 that DOD’s inventory management systems were potentially vulnerable to attack. These systems, run by the Defense Logistics Agency, are used to manage the defense supply chain. They reviewed efforts to reduce the risks in 6 inventory management systems. The agency has taken some prescribed risk management actions but could do more. For example, they found 69% of its plans to fix identified security weaknesses were not carried out on time. They made 5 recommendations to improve the cybersecurity of these systems.
Alerts, Warnings, Advice, Resolutions, and Experience (AWARE)
Alerts, Warnings, Advice, Resolutions, and Experience (AWARE) is a repository that facilitates information exchange on technical issues and threats to space enterprise acquisitions and operations. Operational since 2010, the capability includes data and analysis on cyber, supply chain, parts and materials, and counterspace threats sourced from a variety of government and industry organizations. AWARE has a Supply Chain Risk Management (SCRM) repository for SCRM Analysis that contains corporate threat assessments, hardware/software vulnerability assessments, and other critical information.
After review by FFRDC Subject Matter Experts (SMEs), alerts that have a high chance of affecting Space Enterprise operations are entered into AWARE and are distributed to the specific SMEs or mission areas that may be affected.
AWARE has three versions operating at the unclassified, secret and top-secret levels.
For more on AWARE, reach out to: Brad Wong.
Managing the Future State of Supply Chain Risk
Threats from adversaries and natural disasters can disrupt supply chains, challenging organizations to respond effectively. To get ahead of a constantly shifting threat environment, how can organizations mature institutional collaboration to better manage the future state of supply chain risk?
The Aerospace Corporation’s Supply Chain situational awareness tool leverages decades of industrial base data and visualization techniques to deliver pertinent information concisely and efficiently for better decision making in advance of – and during – an incident.
The Cybersecurity Maturity Model Certification (CMMC) enables trust in U.S. Government acquisitions.
Contact Aerospace to learn more.
The Importance of Supply Chain Risk Management in Government
The recent massive cyberattack against government agencies and the private sector, suspected to emanate from Russia, has made the federal IT supply chain a front-and-center concern. In that incident, malware embedded in a software update of a technology product enabled hackers to roam undetected on customers’ networks, including federal systems, for at least nine months.