While travelling by train from Boston to NYC, I read two very thought-provoking papers on cybersecurity. Both are about a concept known as the cybersecurity supply chain. At a fundamental level, this thesis states that security is only as good as the whole supply chain process. Therefore, large organizations must check the security of their suppliers, the integrity of their products, and the end-to-end systems created by the amalgamation of the component parts.
I've long preached a similar concept called business process security but the cybersecurity supply chain extends a bit further than my model.
The first paper, titled "Software Supply Chain Integrity Framework," can be downloaded from the SAFECode site (www.safecode.org), an organization dedicated to software assurance composed of Adobe (ADBE), EMC (EMC), Juniper Networks (JNPR), Microsoft (MSFT), Nokia (NOK), SAP (SAP), and Symantec (SYMC).
The second paper, titled "Building a Cyber Supply Chain Assurance Reference Model," can be downloaded from this link (http://www.saic.com/cyber-supply-chain/?intcmp=hs_cybersupplychain) on the SAIC (SAI) site.
Both make very interesting reading for CISOs or technology vendors working with large organizations or government agencies.