Supply Chain Council of European Union | Scceu.org
Protecting the U.S. from Software Supply Chain Attacks (Part 1)

In recent articles, we’ve written extensively about software supply chain attacks, including:

  • What they are and why they pose such a huge threat
  • Why the U.S. is still vulnerable to them despite several regulatory changes
  • Why current initiatives (including EO 14028) are unlikely to solve the problem

All of this leads to an obvious question: what should the U.S. do about supply chain attacks?

It’s Time to Regulate Technology Vendors

To adequately protect the U.S. economy, citizens, and critical infrastructure from software supply chain attacks, regulators should consider a legal mandate that requires technology vendors to implement:

  1. A higher standard of cybersecurity in the development environment and across the business.
  2. A robust risk assessment of their own supply chains to protect against similar threats.

These requirements should go beyond those laid out in EO 14028 and NIST SP 800-161. The following section outlines proposed requirements (Read more…)
