Speaker: Hart Rossman
Our paper,"Building A Cyber Supply Chain Assurance Reference Model", marked the culmination of a seven-month research project which sought to fuse together the fields of cybersecurity and supply chain risk management by applying proven supply chain practices to this evolving cyber domain. This presentation will take a cross-functional risk perspective of Cyber Supply Chain Assurance referencing cutting edge models, tools, and practices extending the initial findings in this paper. The audience will learn through case study and example threat vectors, details of known incidents, and best practices for creating resilient cyber supply chains. Of particular focus will be the role of the incident response and security teams as actors in the cyber supply chain. We will explore tools and tactics that might be used including technical and contractual means to influence response capability throughout the cyber supply chain. The cyber supply chain encompass the information and communications technology components, products, services, and integrated systems created and transported by global supply chain.
This presentation is the result of a collaboration between SAIC and the Supply Chain Management Center (SCMS) of the Robert H. Smith School of Business, University of Maryland (UMD) at College Park. Our research assessed the dynamics, risks, and management challenges and opportunities of the cyber supply chain in its role as a critical public system/private infrastructure.
Among the research team's key findings are:
The central challenge is that global cyber supply chains today are as fragmented as physical supply chains were 15 years ago. Since the release of our paper we have been diligently conducting on-site case studies with several government and commercial organizations to better understand the application of the model.
In this session we will introduce our model and present one industry and one government case study covering a cross-functional executive perspective of its application paying particular attention to the challenges an incident response team faces in aligning the CERT/CIRC function with conventional supply chain risk management.