Insight by Fortress Information Security

Standing guard against cyber supply chain attacks

This content is sponsored by Fortress Information Security.

On July 13th, the Global Business Alliance (GBA), which represents 200 major international companies with significant operations in the United States, announced the formation of GBA Sentinel, a wholly owned subsidiary that will help its members use tailored solutions built on Fortress Information Security’s industry-leading supply chain risk management compliance tools.

Bottom line up front:

“Given the scale of threat vectors facing America’s federal contractors, combined with the velocity of recent regulatory activity, we thought it is critical for international companies to help lead the way in safeguarding critical governmental systems and services. GBA Sentinel will give federal contractors access to the cutting-edge tools they need to efficiently audit and monitor their supply chains and digital assets. Not only will this help them meet the latest regulatory standards, it will also rapidly advance our nation’s effort to prevent future attacks.”

-Nancy McLernon, President and CEO of GBA.

Big picture:

We are facing the security challenge of our time: cyberattacks on SolarWinds, Colonial Pipeline, and Kaseya are costing companies millions, and the threats to U.S. manufacturers continue to challenge traditional thinking and resources.

The repercussions from these attacks have impacted companies beyond the boardroom (the ransomware attack on Colonial Pipeline forced many US consumers to pay higher gas prices for most of a week).

The fallout from one attack is felt beyond US borders (the supply chain attack on Kaseya, a company based in Ireland, hit several U.S. companies hard and forced the closure of supermarkets in Sweden).

By the numbers:

  • 48% of federal contractors have “severe vulnerabilities” in their cyber footprint.
  • 28% of federal contractors cannot even meet the most basic tier-1 CMMC requirements.
  • 80% of software components used in today’s applications come from third parties.

Regulatory environment:

“Understanding new supply chain cyber security requirements and regulations can be time consuming and costly without partners that grasp both the threat and regulatory environment and have done this at scale in US critical infrastructure. By partnering with GBA Sentinel, we are helping to proactively address many of the pain points GBA members will face in navigating this complex and constantly changing regulatory and cyber threat landscape.”

-Peter Kassabov, executive chairman and cofounder of Fortress Information Security

Supply chain risk-management is critical for industry and government alike. Policymakers have long been concerned with supply chain threats posed by secondary and tertiary suppliers. This has spurred a new wave of expansive regulatory action in the United States that is likely to continue for the foreseeable future.

Here are two regulations that federal government contractors cannot ignore:

  • PROHIBITED TELECOMMUNICATIONS – NDAA Sec. 889 requires government contractors to certify the products they sell the government are not supplied by certain Chinese companies. Part A prohibits the government from obtaining (through a contract or other instrument) certain telecommunications equipment (including video surveillance equipment) or services produced by covered entities and their subsidiaries and affiliates. Part B prohibits the government from contracting with any entity that uses certain telecommunications equipment or services produced by the entities listed in the statute.
  • CMMC CYBERSECURITY – The Cybersecurity Maturity Model Certification is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department of Defense’s industry partners’ networks.

The partnership:

This unique teaming demonstrates the emphasis that companies place on advancing our nation’s efforts to prevent future cyber supply chain attacks.

About GBA Sentinel – GBA Sentinel is designed to help CISOs, VPs of Supply Chain, Heads of Federal Sales and other top executives address their cyber and supply chain vulnerabilities by connecting them with industry-leading experts. GBA Sentinel gives GBA members premier access to the cutting-edge tools they need to audit and monitor their supply chains and cybersecurity. We are proud to provide GBA members substantially discounted use of Fortress Information Security’s industry-leading supply chain risk management compliance tools.

About Fortress Information Security – Fortress Information Security is at the leading edge in ensuring the technology you use won’t be used against you. Fortress uses its proprietary AI technology to allow companies to quickly assess their digital and physical supply chain for potential vulnerabilities. Traditional security programs consistently operate according to priorities and paradigms from past eras, resulting in antiquated and inadequate security systems. The Fortress Platform addresses supply chain risks through its comprehensive Integrated Supply Chain Risk Management Solution that integrates and orchestrates multidimensional risk analysis and remediation of supply chain, manufacturing, IT, InfoSec, corporate governance, and contract risks.

 
