‹ All episodes

The Buzz with ACT-IAC

Adapting to IT Supply Chain Risks with Leo Alvarez

June 28, 2022 Episode 62
The Buzz with ACT-IAC
Adapting to IT Supply Chain Risks with Leo Alvarez
Info
The Buzz with ACT-IAC
Adapting to IT Supply Chain Risks with Leo Alvarez
Jun 28, 2022 Episode 62

Software development and hardware manufacturing has become increasingly globalized over the last 10 years. A single application can contain hundreds, or even thousands, of software components sourced from just as many vendors located all over the world. And each one of these components presents a potential entry point for attack.

As evidenced by the Solar Winds hack, the lack of transparency in our supply chains represents a significant impediment to securing the United States' IT systems . The Biden Administration said as much with last year's Executive Order 14028, "Improving the Nation's Cybersecurity".

Now, a year later, federal agencies are beginning to roll out new requirements and guidelines for contracting firms to improve the integrity of these IT supply chains and reduce systemic risk. As with much of cybersecurity, this will require comprehensive efforts throughout the federal technology ecosystem, and a careful balancing of security and ease of use.

This week, The Buzz is joined by Leo Alvarez, Principal at Baker-Tilly and member of ACT-IAC's Cybersecurity Supply Chain Risk Management (C-SCRM) Working Group. He shares some insights on what effective C-SCRM strategies look like and how these new requirements will affect the acquisitions process.

Referenced in this episode:
CISA C-SCRM Task Force
NIST C-SCRM Practices
ACT-IAC Acquisitions C-SCRM Working Group

Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.

Learn more about membership at https://www.actiac.org/join.
Donate to ACT-IAC at https://actiac.org/donate.

Intro/Outro Music: Focal Point/Young Community
Courtesy of Epidemic Sound

Share
Apple Podcasts Spotify Amazon Music Podcast Index Overcast Stitcher +
Show Notes

Software development and hardware manufacturing has become increasingly globalized over the last 10 years. A single application can contain hundreds, or even thousands, of software components sourced from just as many vendors located all over the world. And each one of these components presents a potential entry point for attack.

As evidenced by the Solar Winds hack, the lack of transparency in our supply chains represents a significant impediment to securing the United States' IT systems . The Biden Administration said as much with last year's Executive Order 14028, "Improving the Nation's Cybersecurity".

Now, a year later, federal agencies are beginning to roll out new requirements and guidelines for contracting firms to improve the integrity of these IT supply chains and reduce systemic risk. As with much of cybersecurity, this will require comprehensive efforts throughout the federal technology ecosystem, and a careful balancing of security and ease of use.

This week, The Buzz is joined by Leo Alvarez, Principal at Baker-Tilly and member of ACT-IAC's Cybersecurity Supply Chain Risk Management (C-SCRM) Working Group. He shares some insights on what effective C-SCRM strategies look like and how these new requirements will affect the acquisitions process.

Referenced in this episode:
CISA C-SCRM Task Force
NIST C-SCRM Practices
ACT-IAC Acquisitions C-SCRM Working Group

Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.

Learn more about membership at https://www.actiac.org/join.
Donate to ACT-IAC at https://actiac.org/donate.

Intro/Outro Music: Focal Point/Young Community
Courtesy of Epidemic Sound