Even in a secure environment, supply chain security can contain gaps. The seller may have its supply chain locked down, but the manufacturer — confident in its own practices — may be dealing with parts suppliers who work with unsecured companies.
The smaller the company, the larger the gaps and lack of information may be. The National Defense Industrial Association recently surveyed small and medium-sized defense contractors, and found that fewer than 60 percent of them read the document outlining the minimum security standards for defense contractors.
“Most of [the supply chain problem] is outside the individual’s ability to do anything about, and beyond the ability of small businesses to grapple with. … We do need more national focus on the problem,” Tony Sager, senior vice president and chief evangelist of the Center for Internet Security, told Krebs on Security.
The risks federal agencies face in the supply chain include gray-market and counterfeit products, tampering and vendors that don’t properly assess their own risk.
Federal Task Forces Study Supply Chain Risk
At least two federal task forces are working on supply chain security guidelines…
