NRMC: Vulnerability Awareness, Partnership Essential to ICT Supply Chain Security

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security. Chief among its elements are putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness of the sources of supply chain threats.

That was the word from Mara Winn, Associate Director of CISA’s National Risk Management Center (NRMC), who provided updates on the NRMC’s work at FCW’s NASA SEWP SCRM Hybrid Forum 2022 on May 24.

Having a common language on security allows organizations to have an “apples-to-apples conversation with your vendors,” which is especially useful because different groups have different tolerances for risk, she said.

Winn also emphasized the importance of agencies constantly looking for where threats are coming from and understanding the trustworthiness of their own supply chains. She highlighted that everyday risks to the supply chain are “more than just ships having trouble in ports.”

Source: NRMC: Vulnerability Awareness, Partnerships Essential to ICT Supply Chain Security – MeriTalk

FCC Puts Kaspersky on Security Threat List

The Federal Communications Commission recently determined that security products from Kaspersky posed an unacceptable risk to US national security and added the company to a covered list of firms not eligible for FCC funds. Kaspersky becomes the first security company and first Russian entity to be added to the US security threat list. Companies that appear on the list are ineligible to receive any of the $8 billion available annually under the FCC’s Universal Service Fund. The fund supports telecom services in rural areas and for low-income consumers or entities like schools, libraries, and hospitals. The move adds Kaspersky to the same covered list that Huawei and ZTE landed on in 2021.

Source: https://arstechnica.com/information-technology/2022/03/fcc-puts-kaspersky-on-security-threat-list-says-it-poses-unacceptable-risk/