ARLINGTON, VA (April 30, 2018) – The U.S. Government and its private sector partners must do a better job of raising awareness of supply chain risks and vulnerabilities, which foreign adversaries have demonstrated an interest and acumen for exploiting, said National Counterintelligence and Security Center Director Bill Evanina at an INSA panel discussion on Monday, April 30, 2018. Evanina was the keynote speaker for the event, held to commemorate the conclusion of NCSC’s Supply Chain Integrity Month campaign.
“In order to mitigate (threats), you have to know what they are, and the supply chain threats we face from nation-states are first and foremost,” said Evanina, who named Iran, China, Russia and North Korea as particularly active in penetrating U.S. critical infrastructure and supply chain processes.
Evanina emphasized that to ensure a healthy U.S. industrial base, government and industry must be vigilant about the security of "what we make and how we make it." This burden falls particularly hard on the private sector, as they are the source of the products and services the U.S. Government buys and uses.
“If your acquisition and procurement are not part of your team [addressing supply chain risks], you’re going to fail,” Evanina said. “You’re going to fail, promise, because our adversaries – that’s how they get us, through acquisition and procurement programs.”
Evanina encouraged organizations to develop an enterprise-wide commitment to identifying and mitigating supply chain vulnerabilities, including an “enterprise security board” of C-Suite senior executives and other personnel as appropriate, including counterintelligence and security, human resources, general counsel, acquisition and procurement, and information technology. “Have a plan, practice the plan,” he said.
Following Evanina’s keynote, Jason Miller, executive editor at Federal News Radio, moderated a panel with experts from AECOM, Microsoft, the Department of Homeland Security, and the National Institute of Standards and Technology, which has been home of the Information and Communications (ICT) Supply Chain Risk Management (SCRM) program since 2008.
Video: Keynote by NCSC Director Bill Evanina
- Emile Monette, Cybersecurity Strategist, Office of Cybersecurity and Communications, DHS
- Jon Boyens, Manager, Security Engineering and Risk Management, National Institute of Standards and Technology
- Jason Miller, Executive Editor/Reporter, Federal News Radio (moderator)
- Ronald "Fog" Hahn, Executive Vice President, Critical Infrastructure Protection Strategies, AECOM
- Ryan Socal, Senior Program Manager, Azure Global Ecosystem, Microsoft