Cybersecurity

Supply Chain Cybersecurity Task Force Created

The Defense Industrial Base Sector Coordinating Council (DIB SCC) announced today the chartering of the Supply Chain Cybersecurity Industry Task Force to identify, prioritize, oversee and drive adoption of implementable solutions to protect controlled unclassified information throughout the supply chain. 

The Defense Industrial Base (DIB) Sector Coordinating Council (DIB SCC) serves as the primary private sector policy coordination and planning entity for the DIB to discuss cybersecurity, physical security, insider threat and issues that affect the resiliency of the DIB. The DIB SCC sustains the security, resilience, and critical infrastructure protection advances of the U.S. Defense Industry, both as an industry coordinating body within the DIB sector, and in partnership with the Department of Defense (DoD) as the designated Sector Specific Agency (SSA) for the DIB. The DoD's counterpart to the SCC is the DIB Government Coordinating Council (DIB GCC).

According to the announcement, Mike Gordon, Chief Information Security Officer (CISO) for Lockheed Martin, chairs the DIB SCC.  Gordon explained, "This task force will use the DIB SCC construct to serve as a focal point for industry collaboration across the supply chain, leveraging input and efforts from small to large companies.  Our objective is to help identify and implement adversarial-focused solutions that enhance the cyber posture of companies throughout the multi-tier supply chain."

"We recognize that nation states and other attackers are aggressively targeting suppliers at all tiers of the DIB supply chain in an effort to steal or alter intellectual property and DoD information residing on company networks," said J.C. Dodson, Vice President, Cybersecurity and Global CISO, for BAE Systems. "This task force will help to ensure the appropriate level of collaboration to eliminate vulnerabilities and protect critical national security information."

It appears that formation of this task force marks the continued evolution of information sharing and collaboration within the defense industry, but sharply focuses on supply chain cyber security activities and will serve as an on-going mechanism to drive change to improve the resilience of the DIB. 

 

Subscribe to SAE’s growing collections of standards, papers, journals, books, and more for:

 

The announcement quotes Dr. Michael Papay, Vice President and CISO for Northrop Grumman Corporation (NGC):

"By creating a focused construct for repeatable idea generation, and a trial and execution engine under the DIB SCC, industry will better be able to coordinate and partner with DoD task forces and agencies focused on the same problem," said Dr. Michael Papay.

According to the DIB SCC, Initial focus areas for the task force include evolving requirements to focus on advanced persistent threat (APT) tactics, enhancing oversight and accountability, driving implementation of paradigm changing approaches and establishing enduring partnerships across industry and with the DoD. 

Jeff Brown, Vice President and CISO, Raytheon Company, observed, "There is no one single solution that can secure the supply chain. We need to bridge potential technical solutions and multi-tier implementation approaches to enhance protections throughout the supply chain."

Task Force members are comprised of small, medium and large companies who form the DIB SCC.  Founding members of Task Force are BAE Systems, Boeing, Lockheed Martin, Northrop Grumman and Raytheon.  "The importance of working together to address this issue cannot be understated, input from companies of all sizes is important to ensuring proposed approaches will actually work" said Scott Regalado, Sr. Director, Information Security and Boeing Sr. leadership representative, Boeing Company, the release stated.

Steve Shirley, Executive Director, National Defense Information Sharing and Analysis Center (NDISAC) pointed out that US national policy for critical infrastructure protection encourages the creation of sector coordinating councils (SCCs) and counterpart US Government coordinating councils (GCCs). 

Shirley, who is also SCC Vice Chairman, noted the underlying policy affords an exemption to the Federal Advisory Committee Act, and is a means to conduct iterative dialogs to drive collaborative solutions between Government and Industry. "There's a higher potential for an optimal outcome when there is a collaborative process," Shirley emphasized. The DIB SCC is nested within the NDISAC for administrative and staff support.

Matt De Reno is SAE MOBILUS web portal manager at SAE International. His interests include automated and connected vehicles, micromobility, smart cities, and automotive cybersecurity.