Welcome to the AFCEA Classified Cyber Forum

Cyber Supply Chain Risk: Threats and Solutions

The target surface of a supply chain typically extends from product design through product retirement. Trying to secure it all at once has traditionally resulted in ‘paralysis by analysis’. The US government and industry have made limited progress over the past 30+ years, because the problem of trying to fully scope the problem and secure every element of a supply chain against every threat—i.e., ensuring integrity—becomes overwhelming. Emphasis has increasingly shifted to supply chain risk management or mitigation (SCRM). 

Supply chain risk is a ‘bad news/good news’ story. The bad news is that supply chains in general are porous and vulnerable. The good news is that it is harder to exploit them than conventional wisdom would suggest. A successful exploit typically needs to leverage the three c’s – control, communication, and clandestine activity. Complications arise because an exploit that works in a testbed may not work in a real life environment characterized by an unpredictable mix of components and functionality; connectivity and communications paths can be variable and intermittent; and successfully exercising command and control in an undetected clandestine fashion usually raises the bar in terms of tradecraft and technology. Even if you as owner/user don’t understand exactly who threatens, how can you accomplish risk management in a meaningful way?
Join us at this forum, presented at the SECRET FVEY level, To explore these important issues.

Who is behind the agenda? 
The agenda is being developed by a team of subject matter experts from the AFCEA Cyber and Homeland Security committees.

What topics will be discussed?
  • Supply chain of what?
  • Against what threat?
  • What are we doing about it?
  • Using what approach?
  • What's next?

Are there continuing education opportunities? 
Yes! Each panel session will be submitted for approval for continuing education/certification maintenance for CompTIA, GIAC, and/or CertNexus certifications. Note that AFCEA cannot provide attendance documentation, but attendees may self-certify their attendance with their credentialing organization(s).

Check out the agenda and plan on joining us at the AFCEA Classified Cyber Forum on June 19.