ICT SUPPLY CHAIN RESILIENCE: THE WAY AHEAD

The ongoing Russian APT attack underscores the importance of “securing our national supply chains,” but what does that mean? What needs to be done, how can it be done and who needs to take action?

The 2020 Cyberspace Solarium Commission (CSC) Report says “implement an information communications technology industrial base strategy to ensure more trusted supply chains and the availability of critical information communications technology (ICT).” In today’s information age, ICT is a critical transformative technology, enabling all other technologies and capabilities of our infrastructure sectors; our growing interconnectivity simultaneously increases our attack surface. How do we develop a risk-based approach to maximize the benefits and minimize the risk?

The Institute for Critical Infrastructure Technology (ICIT), in partnership with the Cyberspace Solarium Commission (CSC), will host this year’s Spring Briefing on ICT/Cyber-Supply Chain Risk Management (SCRM), bringing together policy and technical subject matter experts (SMEs) from the US Government (USG), industry and academia to discuss risk-based approaches to secure our national supply chains:

What are your sectors’ (eco-systems’) most critical components? How deep do we go in the technology stack? How far left do we go in the lifecycle/design process? What tools and skills are available today and need to be developed for the future of “securing our national supply chains?”

Curriculum Includes:

  • Supply Chain Impacts of Automation and Migration
  • Cloud Security Challenges and Supply Chain Risks
  • Development Lifecycle Security Evaluation, Measurement, & Auditing
  • Third-Party Risk Management

Speakers Include:

  • Joyce Corell, Asst. Director, NCSC, ODNI
  • RADM (Ret) Mark Montgomery, Senior Director CCTI at FDD & Executive Director, Cyberspace Solarium Commission (CSC)
  • Robert Strayer, Executive Vice President, ITI
  • Rob Morgus, Director TF#2, Cyberspace Solarium Commission (CSC)
  • Jon Boyens, Deputy Chief, Computer Security Division and Program Manager, NIST
  • John Miller, Sr VP Policy and General Counsel, ITI
  • Cherylene Caddy, Senior Advisor, Cybersecurity, CESER, DOE
  • Don Davidson, ICIT Fellow and Director Cyber-SCRM, Synopsys
  • Dan DiMase, President & CEO, Aerocyonics, Inc.
  • Chris van Shijndel, Cybersecurity Director, Johnson & Johnson
  • Jamie Barnett, Senior VP, Rignet, Inc
  • Andras Szakal, VP & CTO, The Open Group
  • Edna Conway, VP, Chief Security & Risk Officer, Microsoft Azure
  • Kathryn Condello, Senior Director, National Security/Emergency Preparedness, Lumen Technologies (formerly CenturyLink)
  • Bob Metzger, Lead Washington DC Office, Rogers, Joseph & O’Donnell (RJO) Law Firm
  • Rusty Sides, Public Sector Technical Sales Director, Checkmarx
  • Matt Wyckhouse, CEO and Founder, Finite State
  • Michael McGeehan, Executive Director of Strategy and Business Development, BluePrism

ON-DEMAND VIRTUAL BRIEFING

Opening Keynote | Global Supply Chains and Threats to Critical Infrastructures

While threats to the global supply chain are not a new phenomenon, cybersecurity risks posed by threat actors, criminal elements, and foreign state-owned entities are continuing to increase in frequency and magnitude. Joyce Corell, Assistant Director with the National Counterintelligence and Security Center, will be sharing her insights into efforts to detect risks and minimize dangers to the nation’s supply chains. She will also introduce some of the recent and ongoing ICT-SCRM activities by the US government as a lead-in to Panel #1.


Level-Setting Panel | Past, Present & Future of ICT/Cyber-SCRM

A supply chain is only as strong as its weakest link. This panel will be discussing where supply chain security has come from, key learnings from the past and present, and how these insights are shaping the future of ICT/Cyber-SCRM. Public and private efforts to manage global supply chain risks did not start in 2020; we have all been working on this challenge area and have some success stories past, on-going, and in the works.


Looking Forward – What are Sectors doing to Secure their Supply Chains?

ICT/SCRM has a place in every company, in every sector. Organization leaders can leverage lessons learned and best practices from other sectors to develop robust solutions for their organizations. This panel will discuss the diverse tactics, techniques, and procedures used by multiple sectors to secure their ecosystem/sector using ICT/SCRM. There will be some focus on third-party risk management in this panel.

Technology & SCRM Experts | Case Study Lightning Talks

Get to know others’ stories and practical solutions learned from short case study/interviews with Information Security and SCRM experts – Checkmarx, Finite State and Blue Prism.

Looking Forward – Building a Trusted ICT-Supply Chain

This Solarium Commission Whitepaper talk on Supply Chain Security specifies five key and eight supporting recommendations to build trusted supply chains for critical ICT technologies, including guidance to conduct a public-private collaborative process to identify goods and materials critical to the continual function of the economy, society, and government. The paper also supports reinvigorating American high-tech manufacturing and innovation with partner nations to ensure continual availability of these goods and materials. In addition, the white paper recommends an approach to ensure that American and partner companies are able to compete with Chinese companies in domestic and global markets through the use of strategic government investment and instruments of the development community.


Looking Forward – What are Tech-Suppliers doing to Secure their Products?

In a more interconnected (think Internet of Things / IoT), fast-paced, and information technology-enabled world (think both microelectronics and software), how are our IT providers designing and delivering products their customers can use with confidence? In this panel, our speakers will discuss the supplier role in ICT/SCRM and what security considerations suppliers are applying to their design, manufacture, and delivery processes.


Closing Keynote | Looking Forward – Way-Ahead for ICT/Cyber-SCRM & US Critical Infrastructure

This Solarium Commission Whitepaper on Supply Chain Security specifies five key and eight supporting recommendations to build trusted supply chains for critical ICT technologies, including guidance to conduct a public-private collaborative process to identify goods and materials critical to the continual function of the economy, society, and government. The paper also supports reinvigorating American high-tech manufacturing and innovation with partner nations to ensure continual availability of these goods and materials. In addition, the white paper recommends an approach to ensure that American and partner companies are able to compete with Chinese companies in domestic and global markets through the use of strategic government investment and instruments of the development community.
