State and local procurement officials must understand they have a crucial role in protecting technology supply chains from cybersecurity attacks, two experts said during a podcast hosted by the National Association of State Procurement Officials (NASPO).
The professional procurement officers are “the tip of the spear” for addressing this threat, Russell Porter, a senior executive at the National Counterintelligence and Security Center (NCSC), said during a recent “NASPO Pulse Podcast.”
News reports about third-party risk in the supply chain have been rampant. Dugan Petty, education and outreach coordinator for NASPO and former CIO for Oregon, noted that more than 3,000 articles have been published about the SolarWinds hack since it happened in 2020.
“We now know that our contracting avenue has become a threat vector for attacks,” Petty said. “Eighteen thousand customers unknowingly installed malicious code with a trusted supplier that’s a good supplier. That’s shined a light on something that’s been around forever, it just hasn’t been exploited.”
Porter said these activities are part of what’s known as the Gray Zone that includes things such as election…
