Officials: Intelligence Community Scrambles to Upgrade Supply Chain Cybersecurity
The National Geospatial-Intelligence Agency and the National Reconnaissance Office are hustling to expand and mature their approaches to cybersecurity.
Chris Brown, the NGA's deputy chief information security officer, said the agency wants to "catch up quickly" in adopting supply chain risk management processes and tools.
He said that while the budget is not large, the Intelligence Community has launched efforts to reduce threats to the supply chain, with April being dubbed supply chain integrity month.
The National Counterintelligence and Security Center previously announced that it has a concrete plan to install counter-threat measures across the government over the next three years. It reportedly includes supply risk management capabilities and processes in the federal market, Federal News Network reported.
“We will create a supply chain risk assessment shared repository, address deficiencies in the federal acquisition process and seek more streamlined authorities to exclude high-risk vendors,” the National Counterintelligence and Security Center said in a previously published strategy.
Brown said the NGA is assessing how it evaluates the hardware and software that connect to its system. “In my world, there is some confusion of whether it’s a counter-intelligence problem or a cybersecurity problem? I like to say it’s an IT problem,” Brown said.
NRO Deputy CISO Mike Ryan said that the issue of supply chain risk management must be dealt with at the chip level.
“We need to develop more of a zero -rust approach where you can monitor and do something about it after you have the technology because you really can’t tell,” he said.
Zero trust is an information technology security model that requires strict verification for every person and device trying to access resources on a private network.
Ryan said the NRO is also exploring ways to more easily accredit and approve systems. The agency is reportedly also seeking automation applications for continuous monitoring.
Category: Popular Voices
Tags: Chris Brown cybersecurity Federal News Network Intelligence Community Mike Ryan National Geospatial-Intelligence Agency National Reconnaissance Office NCSC NGA NRO Popular Voices supply chain