Event Recap: Securing the Cyber-Software Supply Chain

With the expanse of cyber and supply chain Executive Orders and the current reductions in the government workforce, agencies are left to “do more with less.” Travis Griffith with Keeper Security insists that, in addition to this, the “traditional layered cybersecurity solutions don’t stop data breaches. . .given that legacy solutions are usually focused on the border or the perimeter of the network, so you have inadequate visibility, security controls and compliance and reporting capabilities.” Furthermore, agency vendors who are tasked with solving these issues and addressing mandates are, according to Microsoft’s Oki Mek, “self-attesting” that they meet federal requirements and policy without unbiased, third-party verification. Despite these challenges, there are also solutions. Oki Mek adds that “in this administration, the supply chain topic is top of mind, along with AI and Zero Trust” and there is an extensive “opportunity for AI” with the “reduction in force. . .and push for efficiency.” These experts and others speak more specifically about how to apply cybersecurity to agency supply chains in this virtual conference. Details include:

• Supply Chain Resilience Case Study with NAVSEA (Naval Sea Systems Command)
• Defining “Supply Chain” and its related “elements” from a government operations perspective
• Benefits of investing in supply chain initiatives
• Challenges with supply chain initiatives and how to address them
• The intersection of AI and cybersecurity in the federal government
• How AI is being leveraged to enhance the security of software supply chains – both internally with Microsoft and for their clients
• Behind-the-scenes inner workings of the “Zero-Trust KeeperPAM Platform” and use cases on how it helps secure government supply chain data
• NIST’s “Due Diligence Assessments & C-SCRM: A Quick-Start Guide Overview”
• Due Diligence, Supplier Reviews and SCRAs
• Foundational cyber practices for both suppliers and products