Improving Cybersecurity Through Cross-Agency Collaboration
DHS is working to secure supply chains and leverage new standardization to protect IT networks.
Federal government leaders are looking to foster supply chain monitoring and cross-agency collaboration to bolster public sector cybersecurity, particularly as a means of proactively identifying and correcting key vulnerabilities.
These measures appear to be a dual response to the rapid pace of technological change as well as the deficits exposed by the recent SolarWinds breach that crossed multiple agency networks.
“We need to be thinking about security and protecting our assets,” said Department of Homeland Security Chief Procurement Officer Soraya Correa at the 2021 ACT-IAC Acquisition Innovation Forum. “The best way to do that is to have a good, strong mitigation plan. You have to understand the supply chain, you have to understand the elements of the supply chain and how they’re impacted. You have to understand where these products and services come from and how they could be accessed or touched in any way that could be vulnerable.”
Much of this centers on more rigorously evaluating the IT supply chain, particularly to notice and address potential weak links — a collaborative process occurring both within DHS and across the federal government as a whole.
“We work in partnership with our Cybersecurity and Infrastructure Security Agency, and we also work together with our CIO and others in our organization to make sure that we’re building security throughout the process, and that we are identifying the vulnerabilities and risks in our procurements and mitigating those to the best extent possible,” Correa said.
One of the most productive cybersecurity partnerships occurring across government appears to be forming between DHS and the Defense Department, particularly with a network security standardization process DHS is looking to share with private-sector partners.
“Many of our industry counterparts are asking if we’re going to adopt the Department of Defense’s Cybersecurity Maturity Model Certification,” Correa said. “Our chief information security officer is working directly with DOD, and we have a working group that consists of procurement, CISA and several other organizations to look at those processes and see how we can implement them at DHS.”
In addition to adopting the Cybersecurity Maturity Model Certification (CMMC), DHS is looking to establish a comprehensive means of evaluating the separate components that go into public sector software, to prevent the kind of vulnerability exploitation that allowed for the SolarWinds breach.
“A concept that’s being discussed quite a bit lately is the software bill of materials. The SolarWinds compromise kind of gave birth to this discussion. The software bill of materials is a list of all components that make up a potential software solution, including commercial software as well as open source software. And a bill of materials is used in supply chain risk management to assess vulnerabilities in a product or software solution. So again we’re looking at this concept and how we can use that in our processes to make sure we fully understand the composition of a software solution or a system solution,” Correa said.