With cyber attacks on the rise, U.S. government contractors are reconsidering the risks in their supply chains. In Executive Mosaic’s latest video interview, DTS CEO and President Ed Tuorinsky discussed how to assess and manage the cybersecurity risk of your partners and how that is part of a larger effort to increase your security posture while protecting your data and your reputation.
Supply Chain Security Risks Explained
Securing supply chains is becoming increasingly critical for government contractors, especially as companies see more and more cyber attacks and security breaches.
“If you look at some of the recent larger hacks with the medical community, they’re getting in through these non-secure pathways and they’re infiltrating larger organizations,” Tuorinsky said to Executive Mosaic’s video reporter Summer Myatt. “Commercial companies are starting to look at their supply chain and implement [security].”
While supply chain security is important for organizations of any size, it’s absolutely imperative for companies that work with government agencies on major mission-focused projects, like space infrastructure.
“If you’re building a satellite, and you’re putting hardware and software that’s not vetted into that satellite, it opens up large swaths for adversaries to use those things,” explained Tuorinsky.
Is Supply Chain Security Required?
Supply chain security is not currently a requirement for any federal agency or company. But Tuorinsky said government contractors are starting to implement it because of increasing infiltrations. And companies that don’t pay attention to supply chain security in today’s cyber landscape risk losing business.
“It’s quickly becoming a dealbreaker,” Tuorinsky shared. “Currently, from a software perspective, if you’re not FedRAMP approved, most DOD contractors will not use your software.”
Government Supply Chain Security Initiatives
NIST 800-171 Revision 3
The latest revision of the National Institute of Standards and Technology’s 800-171 guidance seeks to better protect the federal government’s controlled unclassified information, known as CUI. NIST 800-171 includes information on supply chain risk management plans, supply chain controls and processes, and other guidance on securing supply chains to safeguard CUI.
Tuorinsky said NIST 800-171 Revision 3 is out but not yet being implemented by the DOD, which is currently implementing the second revision of the guidance. He said the new guidance will be implemented within the next three years.
There are also proposed FAR and DFARS clauses focused on supply chain security, which Tuorinsky sees as a clear sign that there will be more regulations and standards about supply chain security coming out of the federal government in the coming years.
What’s next for supply chain security? How can government contractors prepare for changing regulations and requirements? Watch Ed Tuorinsky’s video interview to find out more.