Watch: DTS’s Ed Tuorinsky Shares Insights on Supply Chain Security

As cyberattacks continue to rise, U.S. government contractors are reconsidering supply chain risk, according to a recent Executive Mosaic article video interviewCEO and President of DTS Ed Tuorinsky We discussed how to assess and manage your partners’ cybersecurity risks and how this is part of a larger effort to increase security while protecting data and reputation.

https://www.youtube.com/watch?v=gj8Po3oMr0M

Supply Chain Security Threats Explained

Securing the supply chain is becoming increasingly important for government contractors, especially as companies face an increasing number of cyberattacks and security breaches.

“If you look at some of the recent larger hacks in the healthcare community, they’re coming in through these unsecured channels and infiltrating larger organizations,” Tuorinsky told Executive Mosaic video reporter Summer Myatt. “Commercial companies are starting to look at their supply chains and implement (security).”

Supply chain security is important for organizations of all sizes, but it is absolutely essential for companies working with government agencies on large, mission-oriented projects such as space infrastructure.

“If you build a satellite and put hardware and software on it that hasn’t been tested, you open up a huge opportunity for adversaries to exploit that,” Tuorinsky explained.

Is supply chain security necessary?

Supply chain security is not currently a requirement for any federal agency or company. But Tuorinsky said government contractors are starting to implement it because of increasing infiltration. And companies that don’t pay attention to supply chain security in today’s cyber landscape risk losing business.

“That’s quickly becoming a deciding factor,” Tuorinsky shared. “Right now, from a software perspective, if you don’t have FedRAMP approval, most DOD contractors won’t use your software.”

Government Supply Chain Security Initiatives

NIST 800-171 revision 3

The latest version of the National Institute of Standards and Technology 800-171 tips seeks to better protect the federal government’s controlled classified information, known as CUI. NIST 800-171 provides information on supply chain risk management plans, supply chain controls and processes, and other guidance for securing supply chains to protect CUI.

Tuorinsky said NIST 800-171 Revision 3 is now available, but has not yet been implemented by DOD because they are currently implementing the second revision of the guidelines. But Tuorinsky said the new guidelines will be implemented within the next three years.

It also proposed introducing FAR and DFARS clauses focused on supply chain security, which Tuorinsky sees as a clear signal that the federal government will introduce more regulations and standards on supply chain security in the coming years.

What’s Next for Supply Chain Security? How Can Government Contractors Prepare for Changing Regulations and Requirements? Watch the video interview with Ed Tuorinsky to learn more.