April is Supply Chain Integrity Month – NASA is Engaging the Interagency on the Theme ‘Identifying and Protecting NASA's Crown Jewels through Resilient Partnerships’


Supply Chain Integrity Month will feature live sessions at NASA HQ in Washington, DC, in the James E. Webb Auditorium, with virtual attendance also available. The event is open to all government and industry personnel with an interest in supply chain integrity. The audience will be a mix of NASA civil servants and contractors, along with some participants from NASA partner organizations (e.g. NOAA). Attendees will include supply chain practitioners as well as Information System Owners (ISOs), Information System Security Officers (ISSOs), Chief Information Security Officers (CISOs) and acquisition professionals.

Topics that will be covered:

  • ICT SCRM Task Force (Public/Private Partnerships) 
  • EO 14028 – Requirements Panel 
  • EO 14028 – NASA Implementation Panel 
  • EO 14017 Panel – DoC, DoE, DoD, HHS
  • Securing the Software Supply Chain / SBOMs 
  • Partner Panel 
  • Supply Chain Security Working Group 
  • Responding to Supply Chain Compromises Panel

Source: Federal Business Council, Inc. (fbcinc.com)

Cybersecurity Reference and Resource Guide

2019 Cybersecurity Resource and Reference Guide_DoD-CIO_Final_2020FEB07

The purpose of this document is to provide a useful reference of both U.S. and International resources, in order to develop cybersecurity programs and to build and maintain strong network protection. Extensive reference materials exist that support efforts to build and operate trusted networks and ensure information systems maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability. The resources compiled here support security cooperation and shared best practices to help achieve collective cybersecurity goals. This guide provides readily available and unclassified information pertaining to cybersecurity norms, best practices, security cooperation, policies and standards authored and adopted by the United States (U.S.) government, the U.S. Department of Defense (DoD), and recognized international institutes and workforce development training resources provided by government, industry, and academia.

Aspects related to Cyber Supply Chain Risk Management in the document:

Cyber Supply Chain Risk Management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an information and operational technology product or service at any stage.

Website: https://csrc.nist.gov/Projects/Supply-Chain-Risk-Management

NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, April 2015

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks stem from federal agencies' decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services. This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. It integrates SCRM into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on supply chain risk assessment and mitigation activities.

Website: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161.pdf

Op-ed | SOS Space: Why cybersecurity and supply chain risk management must go hand in hand – SpaceNews

There is little doubt that the domains of space and cyber are currently being contested through antagonistic behavior across the globe.

Near-peer adversaries have already strategically prioritized these as preferred domains of action, both in competition and conflict. Cyber-enabled supply chain attacks are increasingly being used around the globe as a hybrid warfare tactic to gain advantage. Predictably, they afford adversaries a relatively cost-effective means of engagement, plausible deniability, and avoidance of the political backlash that inevitably results from lethal action and physical incursion. Considering the emphasis placed on these domains, the U.S. space, defense, and intelligence communities must concentrate efforts to safeguard space assets, preserve strategic and military advantages, and solidify national security and global stability. Cybersecurity and supply chain integrity must become integral and elevated concerns for the space community, as well as for space consumers and strategic stakeholders.