The government has several initiatives underway to improve cybersecurity in the supply chain. Now an alliance of 200 international companies has launched an initiative of its own, partly to help members deal with federal mandates and get better on cybersecurity. For more, Federal Drive with Tom Temin turned to the president and CEO of the Global Business Alliance, Nancy McLernon.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
Tom Temin: Ms. McLernon, good to have you on.
Nancy McLernon: Thanks so much for having me.
Tom Temin: And we should point out that this is not something that grew up in response to cybersecurity. The Global Business Alliance has been around for a long time.
Nancy McLernon: Right, Absolutely. So the Global Business Alliance started in 1990. We are the only trade association that exclusively represents the US operations of international companies across a really very wide variety of industries in the manufacturing space, and the services space.
Tom Temin: And just as a way of background, we should also point out that such companies have rules and laws under which they can legitimately get federal contracts by setting up firewalls and separate boards organized in the United States. And that’s how companies like Ericsson, Siemens and some of the well known international names can, in fact, work for the federal government. Correct way to put it?
Nancy McLernon: Right, absolutely. So whatever security protocols need to happen in order for these companies to do business here with our national security agencies, they absolutely do so. And these companies are not new investors in the United States, right? These companies — the majority of which come from allied nations, our friends and allies around the world — have been in the United States for many decades, some for more than a century. So these companies certainly are part of the fabric of our business community here. Their success here in the United States as part of the U.S. success story.
Tom Temin: Sure, and they have lots of Americans working for them here in the United States.
Nancy McLernon: Absolutely. They have about nearly 8 million Americans working for them. And, you know, our membership represents about 200 of them. And these are the largest of the foreign companies in the United States. The average foreign company employs about 1000 people; the average GBA member employs about 12,000 here in the United States, and our members come from 22 allied nations.
Tom Temin: Okay, let’s talk about cybersecurity because there is a lot going on in the federal government. I guess, the CMMC program — the Cybersecurity Maturity Model Certification program — has got a lot of contractors thinking about how to comply. Is that the main driver of this latest cyber initiative you got going?
Nancy McLernon: So you know, for the last few years, started under the Trump administration, and certainly continuing under the Biden ministration, we’ve seen more and more regulations coming online. The federal government’s national security apparatus is growing, as well as the threats are growing. And so our companies wanted to, of course, ensure that their supply chains, their cyber, had the highest level of integrity. So you know, obviously, they want to be leaders in the space. They know that, as international companies operating in multiple jurisdictions, making things from components sourced all over the world, that they can be a target. So they want to work collaboratively with the federal government to ensure the safety of our critical infrastructure. So the Global Business Alliance which is a trade association — we’re an advocacy group — launched a subsidiary called GBA Sentinel. And it’s through that subsidiary that we have partnered with a firm called Fortress Information Security, to provide state-of-the-art tools to ensure that integrity.
Tom Temin: We’re speaking with Nancy McLernon. She’s president and CEO of the Global Business Alliance. So this is partly to help companies comply with CMMC, but also to get sharper on cyber for all of the other initiatives. We’ve got this big, long 5000-word cybersecurity executive order, for example, and that’s affecting companies large and small.
Nancy McLernon: Yeah, right. Absolutely. And it’s something that you know, as I mentioned, that our companies not just want to comply, they want to be leaders in the space. And so we’re thrilled to have the opportunity to have GBA Sentinel partner with Fortress Information Security, because that firm — and we looked at a variety of firms, but we were extremely impressed with Fortress — they are the choice for many federal government agencies. Their supply chain risk management technology is above all the others that we spoke to. But in addition to complying with the rules that are out there, wanting to show that our companies absolutely want to be as helpful as possible in protecting our critical infrastructure. there’s a concern with our membership that, in fact, as foreign companies in the United States, they may be discriminated against in terms of federal contracts. And unfortunately, a couple of weeks ago, we saw that the National Reconnaissance Office made a policy decision to exclude the U.S. operations of foreign companies in bidding for some commercial remote sensing work. And with the idea that, I suppose, that either these companies don’t employ as many Americans or their security is not as strong — that’s just not the case. And while a policy like this seems like it’s promoting sort of American workers, it’s actually pitting American workers against other American workers, because we’re talking about the U.S. operations of foreign firms.
Tom Temin: And let me just ask you this: the firm’s that are in the Alliance, are they mostly European-headquartered? Do you have Chinese-headquartered firms, for example?
Nancy McLernon: No. So Europe is the largest investor in the United States, so European companies certainly make up the largest portion of our membership. I’d like to suggest that your listeners go to GBASentinel.com, to learn more about our subsidiary and then to learn more about our organization. It’s just globalbusiness.org.
Tom Temin: All right. The point is, it’s companies that have been here a long time, and not subsidiaries of Russian or Chinese or whatever types of countries where we do have some rivalry, both militarily, economically and in security.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Nancy McLernon: Sure, absolutely. And the ultimate ownership of a company shouldn’t be an indicator as much as each company doing any sort of national security work, needs to go through the same rigors as any other. And certainly my members have been meeting those riggers for decades.
Tom Temin: And this compliance tool, then, is available to all of your members. The Sentinel-developed product with Fortress — is it available for anyone that would like to try it, even if they’re not a member of the Alliance?
Nancy McLernon: Yes, certainly. Again, they can go to GBASentinel.com, learn more about it, contact me. And you know, we could set something up. The number of vendors that a large company has is you know, it’s enormous, right? And so while some of the regs that have come down, and executive orders and so forth, may have certainly a big impact on small and medium sized businesses, because of the cost of doing some of those things, a large business, like the companies in my membership, there’s just so many different vendors, and they need a tool to be able to efficiently look through. It’s getting harder to just rely on your vendors to provide us the information. You know, the term “trust but verify” definitely applies here. I think President Reagan made that famous Russian proverb, but that’s the situation we’re in. You know, companies certainly want to trust their vendors. But we’re in a time period now that that we need to verify.
Tom Temin: And I imagine the semiconductor shortage — the integrated circuit shortage — has everybody on edge, because if suddenly some new supply appeared, you would definitely want to verify that it is in fact made according to the standards we need and security for the electronics that go. And I imagine a lot of your members are manufacturers that rely on micro electronics for the heart of their product.
Nancy McLernon: Yeah, absolutely. You’re 100% correct. We also have a number of semiconductor manufacturers in our membership as well — Infineon, Bosch, TMC — and so it’s an issue for really so many of our member companies.
Tom Temin: Nancy McLernon is CEO of the Global Business Alliance. Thanks so much for joining me.
Nancy McLernon: Thanks so much.