Supply Chain Council of European Union | Scceu.org
Protecting the U.S. from Software Supply Chain Attacks (Part 1)

In recent articles, we’ve written extensively about software supply chain attacks, including:

  • What they are and why they pose such a huge threat
  • Why the U.S. is still vulnerable to them despite several regulatory changes
  • Why current initiatives (including EO 14028) are unlikely to solve the problem

All of this leads to an obvious question: what should the U.S. do about supply chain attacks?

It’s Time to Regulate Technology Vendors

To adequately protect the U.S. economy, citizens, and critical infrastructure from software supply chain attacks, regulators should consider a legal mandate that requires technology vendors to implement:

  1. A higher standard of cybersecurity in the development environment and across the business.
  2. A robust risk assessment of their own supply chains to protect against similar threats.

These requirements should go beyond those laid out in EO 14028 and NIST SP 800-161. The following section outlines proposed requirements.
