AFCEA Augusta-Fort Gordon Course: The National Security Strategy and Supply Chain Risk Management

Description

Approved for 1 CompTIA CEU: A+, Network+, Security+, Cloud+, CySA+, CASP, PenTest+, & Linux+; 1 CertNexus CFR CEC; 1 GIAC CPE

Objective:  To relate the vision and pillars of the 2018 National Cyber Security Strategy and their dependence on the security of our supply chain.  The audience should walk away with an idea of how the government and some industry members are addressing the vision, responses, and impacts.  This panel discussion should raise awareness of security risks as the government and industry work together on future acquisitions.

The Sept 2018 National Cyber Security Strategy is changing our national vision regarding Supply Chain Management due to security risks uncovered in the last few years.  Before we start the supply chain discussion, there are four pillars to the Sep 2018 National Cyber Security Strategy:

Pillar I:  Protect the American People, the Homeland and the American Way of Life  --  Objective:  Manage cybersecurity risks to increase the security and resilience of the Nation’s Information and Information Systems.

Pillar II:  Promote American Prosperity  --  Objective:  Preserve United States influence in the technological ecosystem and the development of cyberspace as an open engine of economic growth, innovation, and efficiency.

Pillar III:  Preserve Peace through Strength  --  Objective:  Identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to national interests, while preserving United States overmatch in and through cyberspace.

Pillar IV:  Advance American Influence  --  Objective:  Preserve the long-term openness, interoperability, security, and reliability of the internet, which supports and is reinforced by United States interests.

While all pillars are important, and the Department of Defense plays a role in each, Pillars II through IV are extremely dependent on Pillar I.  Pillar I consists of securing federal networks and information, securing critical infrastructure and combating cybercrime and improving incident reporting – all of which are interdependent.  Supply Chain Risk Management plays a role in all the components of Pillar I. 

Our information security supply chain is currently under attack and has been under attack for some time.  Per a 2018 MITRE Study on “Deliver Uncompromised – A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War:” “Nation-State adversaries have exploited cyber and supply chain vulnerabilities critical to U.S. security for hostile purposes.  These include exfiltration of valuable technical data (in form of industrial espionage); attacks upon control systems used for critical infrastructure, manufacturing, and weapons systems; corruption of quality and assurance across a broad range of product types and categories; and manipulation of software to achieve unauthorized access to connected systems and to degrade the integrity of system operation.”

Our first panelist will be discussing security threats and risks in our Supply Chain plus tools available to combat security risks.  Our next three panelists will be discussing how The National Cyber Security Strategy’s vision applies to them, what their response will be and the impacts they envision. 

Short 10-minute question and answer session will follow the panel.

Tracks:

• 
  Augusta-Fort Gordon Chapter Courses
• 
  Continuing Education

Handouts

• The National Security Strategy and Supply Chain Risk Management