What is your private sector enterprise doing today to improve your ICT Supply Chain Risk Management (SCRM)? Cyber-espionage campaigns have been operating for years across the ICT domains and are exposed every year in the trade press to John Q. Citizen, soon after "Black Hat" and "Defcon". Once again, the origins of these sophisticated and viable adversaries are located inside nation states.
The beltway has been talking about the need for more effective legislation to modify behavior on the Supply Chains of Critical Infrastructure. For many who remain committed to the silent war and the warriors who are fighting it each day on a 24 x 7 basis, they know the operational risks associated with this modern day battlefield.
Do you know where your information is today? No, not your "Personal Identifiable Information" (PII), but the crown jewels of your latest Research and Development project. Or the details on the "Merger and Acquisition" (M&A) activity associated with your cash cow law firm client. Guess again, because you may not be the only one who now has copies of these trade secrets or confidential and proprietary information.
The beltway has been talking about the need for more effective legislation to modify behavior on the Supply Chains of Critical Infrastructure. For many who remain committed to the silent war and the warriors who are fighting it each day on a 24 x 7 basis, they know the operational risks associated with this modern day battlefield.
Do you know where your information is today? No, not your "Personal Identifiable Information" (PII), but the crown jewels of your latest Research and Development project. Or the details on the "Merger and Acquisition" (M&A) activity associated with your cash cow law firm client. Guess again, because you may not be the only one who now has copies of these trade secrets or confidential and proprietary information.
The Information Communications Technology (ICT) supply chain is at risk and the days are numbered until our final realization even after SolarWinds, that this issue is far past the policy makers control. Is this an operational risk that we have done all we can do, to mitigate the impact on our U.S. national security? Everyone should know the answer to this question.
The complexity and the complacency of the problem continues to plague those who are working so diligently to fend off the daily attacks or counterfeit micro-components. The strategy is now morphing as we speak, from defense to offense and the stage is being set for our next generations reality of global cyber conflicts and ICT due diligence. Richard Clarke and others are beyond the ability to say much more than they already have so far.
So where are the solutions? Where are the answers? They can be found very much in the same way organizations, companies and nation states realized what was necessary to deter, detect, defend and document operational risks to their institutions for the past several decades. The science has changed rapidly but the foundational solutions remain much the same using these six factors:
The complexity and the complacency of the problem continues to plague those who are working so diligently to fend off the daily attacks or counterfeit micro-components. The strategy is now morphing as we speak, from defense to offense and the stage is being set for our next generations reality of global cyber conflicts and ICT due diligence. Richard Clarke and others are beyond the ability to say much more than they already have so far.
So where are the solutions? Where are the answers? They can be found very much in the same way organizations, companies and nation states realized what was necessary to deter, detect, defend and document operational risks to their institutions for the past several decades. The science has changed rapidly but the foundational solutions remain much the same using these six factors:
- Identify
- Assess
- Decide
- Implement
- Audit
- Supervise
