The rising call to protect agency technology supply chains isn’t new. Back in 2012, the Senate Armed Services Committee released an eye-opening report on counterfeit electronic products in the Defense Department.
The Pentagon has been aware of counterfeit and supply chain problems dating back decades, but saw a huge upswing in these parts infiltrating its national security systems starting in 2005.
The recent SolarWinds cyber breach brought to light not only how complicated this challenge is, but also the need to stop staring at the problem and take real action.
Over the last few years, agencies have done a lot of thinking and planning, with the development of the Cybersecurity Maturity Model Certification (CMMC) standards and the creation of the Federal Acquisition Security Council (FASC) to name a few examples, but real change has been hard to come by.
Jon Boyens, the deputy chief of the Computer Security Division at the National Institute of Science and Technology, said a 2018 report by the Ponemon Institute found 66% of companies do not have a comprehensive third-party inventory. The 2019 Ponemon report found the average cost of a supply chain attack was $7.5 million, and more than 50% of all respondents reported a breach in the preceding two years.
“Even now, when we talk about supply chain risk management, it’s kind of a level set. It means different things to different people. Some people still do not get the relevance of it, or they look at different aspects very adversarially,” Boyens said at a recent supply chain event sponsored by FCW.
This is why many believe the SolarWinds supply chain breach finally will get the government and industry to act more decisively and quickly.
Rep. John Katko (R-N.Y.), the ranking member of the Homeland Security Committee, explained this desire to take real actions and not just stare at the problem in a Jan. 19 letter to the Cybersecurity and Infrastructure Security Agency in the Homeland Security Department.
“I remain concerned that the Federal Acquisition Security Council is not making rapid enough progress to operationalize its ability to leverage its authorities from the SECURE…