In her opening keynote at INSA's August 19 Supply Chain Integrity program, NCSC Deputy Director Connie Taube acknowledged that developing and maintaining a clear understanding of any organization's supply chain in the modern world is a heavy lift, especially in the current global climate. That said, it is of utmost importance that an organization make supply chain security a priority. She went on to offer attendees her "bumper sticker" advice (as she put it) for managing this risk:
- Recognize that supply chain risk exists and establish a risk management process to enhance trust in the purchases of goods and services
- Understand that supply chain risk management is very much a team sport (not unlike cybersecurity)
- Create a team within your organization dedicated to supply chain risk management. This team should include the CIO, CISO, and most importantly the acquisitions team, among others
- Know your partners (vet third-party vendors, including legal counsel)
Regarding the threat to 5G supply chain security, she noted that some of the key technologies expected to underpin 5G (i.e. network virtualization, transition of more core functions to the edge of the network) also create larger attack surfaces and more opportunities for monitoring data and introducing new vulnerabilities. Regarding Huawei, Ms. Taube noted that the importance of trust in 5G telecom software and equipment can't be overstated. "Huawei with its history of unethical and illegal behavior, including IP theft, has simply not earned trust."
The second half of the program continued with a panel discussion between supply chain experts from across government and industry. From the start, all panelists agreed that trust and partnership are imperative to maintaining integrity within a supply chain. Focusing primarily on 5G, the panelists acknowledged that the government makes up a small percentage of the entire market, which means that mission success is a result of cross-sector dependency, a mutual agreement on standards of trust, and an understanding of the global implications and long-term effects of an organization's supply chain.
The panelists also emphasized the need for resiliency within a supply chain. To ensure that a supply chain can bounce back from any type of mishap, the panelists suggested having a diverse network of suppliers and increasing the production speed of commodities in high demand.
Panelists:
- Robert Kolasky, Director, National Risk Management Center, Department of Homeland Security
- Cheri Caddy, Senior Advisor for Cybersecurity, Cybersecurity, Energy Security & Emergency Response (CESER) Office, Department of Energy
- Kathryn Condello, Senior Director for National Security and Emergency Preparedness, CenturyLink
- Brennan Grignon, Senior Consultant, LMI
- Clete Johnson, Partner, Wilkinson Barker Knauer, LLP (moderator)
In the Media
- Rise of 5G Drives Intelligence Community to Refine Cyber Threat Information Sharing Practice (Federal News Network)