    GovCons Weigh in on ODNI Supply Chain Warnings

    By Adam Stone | October 19, 2020

    In a recently published document addressing supply chain risk, the Office of the Director of National Intelligence warns against “foreign attempts to compromise the integrity, trustworthiness, and authenticity of products and services purchased and integrated into the operations of the U.S. Government, the Defense Industrial Base, and the private sector.”

    Attacks on the supply chain represent “a complex and growing threat to strategically important U.S. economic sectors and critical infrastructure,” the agency notes. Foreign adversaries are attacking key supply chains at multiple points: from concept to design, manufacture, integration, deployment and maintenance.

    GovCon leaders say the government does well to take the risks seriously, and they point to ways in which the contracting community can work hand-in-glove with federal officials to mitigate the threat.

    “ODNI is definitely right to be concerned,” said Justin Shirk, vice president of asymmetric analytics at Novetta. “An area of real emerging risk on which we focus is in the provenance of software, both open-source or commercial. This is unfortunately inherently difficult and time-consuming to investigate.”

    He pointed to Novetta’s Dataviser tool as a means to help address the problem.

    At Raytheon, Vice President of Cybersecurity, Training and Services John DeSimone likewise sees an intersection between supply chain and cyberthreats.

    “So much of what is supplied to the government these days is software, or software-enabled hardware, so cyber hardening of the software supplied is key,” he said.

    Introducing more technology into the supply chain “also introduces new entry points and potential vulnerabilities that can be exploited,” said Modzy’s Head of Operations Josh Elliot.

    “Failing to take a proactive posture with your IT systems . . . opens supply chains to cyberthreats, unique challenges related to export control and validation and verification for third party algorithms and software,” he said.

    The GovCon role

    Contractors can help, in part by adjusting their business practices.

    “From the business side, their [Supply Chain Risk Management] plans should implement a rigorous process to vet the beneficial ownership of companies with whom they do business, beyond simply checking their website,” Shirk said. “Using third party data providers like Modzy’s BVD and D&B can enable that process.”

    DeSimone points to a number of additional avenues open to industry.

    One is to employ the latest National Institute of Standards and Technology standards across the technologies the private sector supplies as the industrial base. Another is to move to cutting-edge technologies that take a zero trust approach, which takes cyber defense a step further by granting permissions per transaction, informed by real-time threat information, rather than granting default access to large groups.

    “Finally, it’s so simple, but knowing who our suppliers are and who they are using is so important,” DeSimone said. “Leverage tools such as Exostar’s Supplier Risk Management built specifically for the federal supplier base.”

    With federal uses of artificial intelligence rapidly on the rise, Elliot says this is an area where GovCons need to pay special attention.

    “You need to understand and trust the capabilities, tools and algorithms you’re bringing into your mission or business,” he said. “That includes everything from the initial identification and scouting of technologies or companies offering solutions to the continued monitoring and compliance checks once implemented.”

    Partnering strategies

    As part of its strategy to respond to this threat, ODNI is looking for support from the GovCon community. The strategy document calls for closer ties between government and the private sector in order to “share supply chain threat information and mitigation measures with our partners, especially in U.S. critical infrastructure sectors.”

    Shirk heartily endorses this approach.

    “This problem is most effectively addressed as a partnership,” he said. “Wherever feasible from a security perspective, the government should try to broadly share supply chain threat data with their vendors so those vendors can merge their contract mandated, traditional analysis and attestations with intelligence.”

    Any opportunity for industry to have a voice in ODNI’s efforts to fight supply chain threats will lead to improvements, DeSimone said.

    “I welcome any chance to participate in events where we can partner with the government for thought leadership in mitigating these risks,” he said. “Co-development of solutions and approaching cyber as a team . . . makes a big difference: Showing and sharing ownership instead of assuming someone else is worrying about cyberthreats to the supply chain matters.”

    Partnerships can be especially critical in emerging areas such as AI, Elliot added. Many organizations are still learning about this technology, and establishing trust at the outset is key for it to really take off, he said.

    “Moreover, as procurement organizations evolve their contract requirements, there will be an expectation that software vendors are held accountable for the statements they make about the performance quality, reliability and security of their software products,” Elliot added.

    ODNI is looking for a more collaborative approach to emerging threats. These and other GovCon leaders are rowing in the same direction. By working in close coordination, they say, government and the contracting community will be best positioned to address the critical risks to the nation’s supply chain.
