Summary: April is Supply Chain Integrity Month, providing an opportunity for government, industry, and other stakeholders to increase collaboration and the sharing of best practices, risk mitigation strategies, and innovative solutions to safeguard supply chains from threats such as cyberattacks, counterfeiting, and disruptions. This year, CISA is promoting resources, tools, and information divided into four themes that help partners and stakeholders increase ICT supply chain resilience.
Analyst Note: WaterISAC continues to raise awareness of the importance of supply chain resilience and the impact that a robust supply chain security strategy can have on an organization’s overall security posture. As outlined in Fundamental 11 of WaterISAC’s 12 Fundamentals | Secure the Supply Chain: “Engaging with third-party vendors expands a utility’s attack surface whereby cyber threats can infiltrate a utility through its supply chain. Likewise, as third parties often have access to sensitive data/information, this necessitates regular assessments of third-party security postures. A supply chain or third-party risk management strategy helps identify and mitigate potential threats and contributes to maintaining operational integrity by reducing the risk of disruption to critical (operational or business) processes due to third parties.”
As Supply Chain Integrity Month continues, WaterISAC joins CISA in emphasizing its four themes to help increase information and communications technology (ICT) supply chain resilience. The four themes are:
- Week 1: Preparedness: Building an Effective Supply Chain Risk Management Program
- Week 2: Mitigation: Knowing and Mitigating Against Supply Chain Threats
- Week 3: Trust: Evaluating the Trustworthiness of Vendors and Suppliers
- Week 4: Transparency: Securing Hardware and Software Across the Supply Chain
Original Source: https://www.cisa.gov/news-events/news/building-resilient-ict-supply-chains-8th-annual-supply-chain-integrity-month
Additional Reading:
- (TLP:CLEAR) Securing Software Supply Chain Vulnerabilities in Open-Source and Third-Party Dependencies
- Cyber Resilience – Securing the Supply Chain
Related WaterISAC PIRs: 6, 11, 12