A cyber attack at the Patent Office led to increased eyes on supply chain risk

Date: On demand
Duration: 1 hour
Cost: No Fee

Many people think of cybersecurity as threats coming from the outside, but with the government relying on private companies to provide hardware and software, the very tools that agencies use could be a threat within themselves.

Supply chain issues are wracking the nation, but the government is also thinking about its supply chain in terms of what companies are providing goods and services.

The U.S. Patent Office is one organization that pays particularly close attention to supply chain issues in order to keep clients' proprietary information safe. Just recently, the Patent Office found a zero-day vulnerability in one of its logging libraries, according to Stephan Mitchev, director of the Office of Application Engineering and Development and acting chief technology officer at the Patent Office.

That infiltration caused the office to look harder at its supply chain to see what could have been infected.

“Through observability and automation we’re able to look through all of our dependencies and all of our supply chain of libraries, and figure out precisely what the impacts are, and are being addressed,” Mitchev said as part of the discussion Securing the Government’s Digital Supply Chain sponsored by Sonatype. “You have to question, you have to question everything. That’s really the key of being secure and really smart in this world, is really ask questions.”

Mitchev said the first thing he considers when working with a company is if that business is FedRAMP approved. FedRAMP is a government-wide authorization process that continuously monitors cloud products and other services.

“What we’re trying to do is ensure that companies are well funded, they have mature software, used by other agencies and other public companies in the private sector and it’s mutually validated,” Mitchev said. “We have seen as an industry, the benefit of using that kind of software and the upside of it. It’s really important, obviously, being a FedRAMP authorized company that your products are already developed within, operated within the United States in an infrastructure that is secure, and you have a minimum set of security controls that you maintain, and you have made the investments in actually doing that. We know the companies are taking security seriously.”

One idea that has been bandied about is requiring companies to provide an itemized list of the products and companies they use and work with to create a product.

Mitchev said something like that could be helpful to the Patent Office, but there may be better options as well.

“Any additional information that enhances our supply chain security view is always welcome,” he said. “I’m a great open source supporter, I really believe in it. And while we’re using that, we’re using it a lot, we also ensure that all that software is also independently tested for all the software products that we would like to utilize to increase our security awareness and capabilities. Those products have to undergo security testing. It could be an itemized list. But it also could be working with an agency that has already done this with a company and we can share this information so we can review that as well. That it’s actually even better. That way we don’t need to ask every company to provide that list across we can actually centralize that. I think that may be maybe one of the good ways to expedite the adoption of those kinds of apps.”

Learning objectives:

  • Automation at USPTO
  • The Cybersecurity Workforce

Featured speakers

  • Stephan Mitchev, Director, Office of Application Engineering and Development and Acting CTO, U.S. Patent and Trademark Office
  • Stephen Magill, Vice President of Product Innovation, Sonatype
  • Scott Maucione, Reporter, Federal News Network