Hot Topics in Cybersecurity Day 2: Maintaining Supply Chain Security
After seeing first-hand the massive effects of supply chain disruption during the pandemic and the impact of software providers accidentally using infected open-source software, state and local governments are aware of the risks of supply chain disruptions due to a cyber attack.
Agencies have to broaden their thinking about where risks may be encountered. For instance, cybersecurity experts see the Salt Typhoon incursion into several U.S. telecommunications companies’ networks as a supply chain attack, where the companies’ customers – especially all levels of government – actually are the intended victims.
The Executive Order issued in May 2021, setting forth requirements to improve national cybersecurity, included the requirement that any organization providing software to the federal government must also include a Software Bill of Materials (SBOM), but there is no nationwide policy that all state and local agencies require SBOMs from their software vendors.
Learning Objectives:
- Identify what policies, if any, your agency has in place to protect its supply chain
- Outline the most likely sources of corrupted software, such as freeware and open source code, currently used by your agency
- Review steps you can take to evaluate your vendors’ risk of being compromised
Speaker Details

Ryan Lewis
Deputy CISO,
Security Operations and Technology,
Illinois Department of Innovation and Technology

Bill Pratt
Contributing Editor,
FedInsider
Event Topic
Cybersecurity, Open Source/OSINT, Technology
Relevant Audiences
All State and Local Government, All Federal Government, National Guard, Air Force, Coast Guard, City Government, County Government, Municipalities, State Government, Department of Agriculture, Department of Health and Human Services, Department of Justice, Department of Labor, Department of State, U.S. Agency of International Development, U.S. Census Bureau, U.S. Postal Service, Veterans Affairs
Other Agency
Office of the President (includes OMB), Other Federal Agencies, Judicial Branch Agencies, Foreign Governments/Agencies