supply chain

September 21, 2021
 
SolarWinds is using a security by design methodology to strengthen its security and to help protect the software industry’s supply chain. Credit: Shutterstock

The software management firm SolarWinds is revising how it approaches security to develop better products, help its customers and protect the supply chain they all rely on.

Cyber attacks on supply chains are a growing threat, something SolarWinds experienced in 2020 when Russian government-backed hackers breached the servers for one of the company’s software products and compromised the security of hundreds of customers including several dozen federal agencies.

Under its new CEO Sudhakar Ramakrishna, the company is changing how it operates internally and with its customers by adopting a security by design approach to its operations.

September 14, 2021
By Robert K. Ackerman
Ellen Lord (l), former undersecretary of defense for acquisition and sustainment, discusses the vulnerability of the supply chain with Christine Michienzi, chief technology officer for the Office of the Deputy Assistant Secretary of Defense for Industrial Policy, at the Intelligence and National Security Summit. Photo by Herman Farrer

The intelligence supply chain needs prompt attention, but any solutions do not necessarily require moving all production back to the United States. The country can rely on some critical sources overseas, but it cannot expect just any vital component to be available any time it is needed.

May 26, 2021
By Kimberly Underwood
Atlantic Council researchers emphasize that the technological revolution, which shows no sign of stopping, will reshape societies and geopolitics “in novel and even unanticipated ways.” Credit: Shutterstock/Yurchanka Siarhei

A new study from the Atlantic Council’s Commission on the Geopolitical Impacts of New Technologies and Data warned that the technological revolution is continuing at such speed and enormity that it is reshaping societies and geopolitics across the globe, and “in novel and even unanticipated ways.” Researchers recommend that the United States take immediate steps to create specific strategies, governance and leadership roles; develop capabilities for a digital economy, quantum computing, supply chain resiliency, biomedical protections and space-related solutions; and strengthen partnerships with allies.

April 13, 2021
 
Effective supply chain management with government customers requires clear communications, says Zach Conover, general manager for Akima LLC’s subsidiaries Truestone, Lynxnet and Aperture Federal. Credit: Shutterstock

The COVID-19 pandemic and the strains it put on the global supply chain are making businesses rethink how they supply their government customers, said Zach Conover, general manager for Akima LLC’s subsidiaries Truestone, Lynxnet and Aperture Federal. Akima is an Alaska native-owned government contractor providing services such as facilities maintenance and repair, information technology support, logistics and supply chain operations, and systems engineering.

April 9, 2021
By Robert K. Ackerman
A communications tower for military 5G rises above a forest. Several challenges loom as the U.S. Defense Department strives to implement 5G into the force. Credit: M.Moira/Shutterstock

The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.

February 8, 2021
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment. At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

November 17, 2020
By Robert K. Ackerman
Credit: Shutterstock/VideoFlow

Adversaries are stepping up their efforts to exfiltrate information and weaken the U.S. supply chain through cyberspace. These efforts aim to both wreck the country from within and strengthen the hand of the adversary wielding the digital sword, according to a U.S. government official.

New government security measures are designed with these challenges in mind, and they can help secure targeted small businesses. The Cybersecurity Maturity Model Certification (CMMC), which is rolling out, is designed to help mitigate the effects of adversarial activities in cyberspace.

October 22, 2020
By Julianne Simpson
Katie Arrington, chief information security officer for Acquisition and Sustainment, U.S. Department of Defense, says there’s no point in developing software if it’s not secure, during a webinar on securing the federal software supply chain.

Anyone moving through the ecosystem of software development and cyber over the last few decades has heard cool words to describe it: Waterfall, Cobalt, Agile, DevOps and now DevSecOps.

DevSecOps may be the latest term but the idea behind it remains constant: Security should be a priority from the start.

March 11, 2020
 

Raytheon BBN Technologies Corp., Cambridge, Massachusetts, is awarded a $9,321,564 performance-based, cost-plus-fixed-fee, completion contract (N65236-20-C-8009). This contract is for research logistics and supply chain automated reasoning and information fusion, real-time demand forecasting and system resilience assessment. Work will be performed in Cambridge, Massachusetts (67%); Menlo Park, California (13%); Minneapolis, Minnesota (12%); Potsdam, New York (4%); and Tucson, Arizona (4%). Work is expected to be complete by September 2021.

March 1, 2020
By Kimberly Underwood
A software bill of materials, a list of software components, information about those components and their relationship to the supply chain, is a key element in building supply chain transparency. Credit: Shutterstock/Andrey Suslov

Having a detailed description of the software components in any software-based product is necessary to identify cyber vulnerabilities and ultimately help reduce cybersecurity risks, officials say. The National Telecommunications and Information Administration, working with industry stakeholders, is pursuing a so-called software bill of materials for digital products that identifies and lists the pieces of software, information about those components and the supply chain relationships between them, the agency specifies.

March 1, 2020
By Robert K. Ackerman
The greatest threat to the global electronics supply may be a break at a weak point in the chain. Credit: Shutterstock/Sashkin

The electronics supply chain to the West faces a greater threat from total cutoff than from having its components tinkered with by malefactors, according to some experts. Many measures currently in place to help ensure quality also serve to thwart saboteurs and counterfeiters. However, a far greater menace looms in the potential for a complete damming of the flow of chips and circuit boards, as the United States and most Western countries lack the infrastructure to pick up fabrication and manufacturing on short notice.

March 1, 2020
By Henry S. Kenyon

Supply chain management is vitally important to running and maintaining an organization’s IT systems, but like logistics systems, it is not inherently sexy and has historically drawn little attention from the C suite. When it is carried out, in many federal agencies it’s traditionally a manual process managed on spreadsheets. In recent years new directives have mandated that the Department of Defense (DOD) and civilian agencies must all begin monitoring this, especially for cybersecurity considerations within the Department’s Risk Management Framework (RMF).

October 29, 2019
By Rod Musser
Recent events indicate the government is serious about enforcing supply chain cybersecurity. Credit: Kalabi Yau/Shutterstock

Supply chain security has been of concern to government leaders for decades, but with attacks now originating in industrial control systems (ICS) from supply chain vulnerabilities and with an increasing reliance on the Internet of Things (IoT), Congress is stepping up its involvement. For example, legislators have promised that more stringent standards will soon be enforced.

July 15, 2019
By Kimberly Underwood
The U.S. House of Representatives, led by Democrats, passes its version of the annual defense spending authorization bill, which will have to be ironed out with the Republican-led Senate. Credit: Shutterstock/Turtix

On Friday, the U.S. House of Representatives passed its version of the National Defense Authorization Act for Fiscal Year 2020, H.R. 2500, by a vote of 220-197. Known as the NDAA, the annual legislation authorizes policy measures for the Defense Department. It varies from the Senate’s bill, S. 1790, passed on June 28, and the two legislative bodies will have to reconcile the bills before sending a final NDAA to the president.

July 9, 2019
 

General Dynamics Information Technology (GDIT) will be supporting the U.S. State Department's global technical security supply chain effort, under a $2 billion single-award contract with the Bureau of Diplomatic Security (DS), Countermeasures Directorate. The contract includes a base period of five years and a five-year award term, the company reported.

Under the contract, GDIT will provide the State Department, U.S. Embassies and other posts worldwide with integrated technical security systems, engineering and solution development, hybrid supply chain and distribution management, as well as a global logistics and transportation network. 

July 1, 2019
By Robert K. Ackerman
Credit: Shutterstock/Kritsana Maimeetook

The fight to secure microelectronic chips is becoming as basic as the chip itself. With chips facing a myriad of threats throughout their life cycle, experts are incorporating security measures into the development of the chip from the foundry to assembly. Other approaches safeguard against threats that could appear as the chip moves through the supply chain. The bottom line for microelectronics security is that necessary measures cannot wait until the device is in the hands of the user.

July 1, 2019
By Chris Nissen
Bill Bickert, assistant commander for supply chain management policy and performance, Naval Supply Systems Command, visits the command’s Fleet Logistics Center–Jacksonville, Florida, headquarters. Supply chain monitoring software is useful; however, ensuring suppliers are providing clean components is crucially important as well. Photo by Carol Williams

Adversaries are exploiting the inherent vulnerabilities of U.S. military supply chains that involve tens of thousands of private sector providers from all over the globe. Attack operations include stealing valuable technical data; striking critical infrastructure, manufacturing and weapon systems control systems; corrupting the quality and assurance across a broad range of product types and categories; and manipulating software to access connected systems and to degrade systems operation integrity.

July 1, 2019
By Kimberly Underwood
Some of DARPA’s research into microelectronics is creating automatic security mechanisms integrated into the design of microchips, which are smaller than a grain of sand. Credit: Connect world/Shutterstock

The colossal reliance on semiconductor chips by the military and commercial industry reaches across weapons, machines and systems that perform key defense and national security functions. And while the Defense Department and the industry use secure chips, they are expensive and hard to design. To remedy that, the Defense Advanced Research Projects Agency, known as DARPA, is looking to automatically incorporate defense mechanisms into the design of microchips. The agency is creating tools to manage supply chain custody throughout the life cycle of a microchip and to increase the availability and improve the economics of secure microelectronics.