Industry group launches task force to protect sensitive information handled by suppliers
A government-organized council of major defense contractors last week announced the creation of the Supply Chain Cybersecurity Industry Task Force, a new group dedicated to identifying, prioritizing, and driving adoption of security controls to protect intellectual property and other sensitive data throughout the supply chain.
The Lowdown: The task force will initially focus on advanced persistent threat (APT) tactics, enhanced oversight and accountability, and improved partnerships with other industry representatives and the U.S. Department of Defense.
The Details: Task Force members will include representatives from defense industrial base organizations such as BAE Systems, Boeing, Lockheed Martin, Northrop Grumman, and Raytheon. The formation of this task force marks the continued evolution of information sharing and collaboration within the defense industry, but focuses specifically on supply chain security activities and will serve as an ongoing mechanism to drive change to improve the resilience of the military-industrial sector.
Background: The new group is being organized by the Defense Industrial Base Sector Coordinating Council (DIB SCC), which operates under the auspices of the Department of Homeland Security’s Critical Infrastructure Partnership Advisory Council. The DIB SCC serves as the primary private-sector policy coordination and planning entity for the security, resilience, and critical infrastructure protection defense industry in the United States.
The Buzz: “This task force will use the DIB SCC construct to serve as a focal point for industry collaboration across the supply chain, leveraging input and efforts from small to large companies,” said Lockheed Martin CISO Mike Gordon. “Our objective is to help identify and implement adversarial-focused solutions that enhance the cyber posture of companies throughout the multi-tier supply chain.”
“We recognize that nation states and other attackers are aggressively targeting suppliers at all tiers of the DIB supply chain in an effort to steal or alter intellectual property and DoD information residing on company networks,” said J.C. Dodson, vice president of cybersecurity and global CISO at BAE Systems. “This task force will help to ensure the appropriate level of collaboration to eliminate vulnerabilities and protect critical national security information.”
“By creating a focused construct for repeatable idea generation, and a trial and execution engine under the DIB SCC, industry will better be able to coordinate and partner with DoD task forces and agencies focused on the same problem,” said Northrop Grumman CISO Michael Papay.
Jeff Brown, vice president and CISO of Raytheon Company, observed, “There is no one single solution that can secure the supply chain. We need to bridge potential technical solutions and multi-tier implementation approaches to enhance protections throughout the supply chain.”
“The importance of working together to address this issue cannot be understated. Input from companies of all sizes is important to ensuring proposed approaches will actually work,” said Scott Regalado, senior director for information security at Boeing.