Cybersecurity and supply chain risk management

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

In May the White House issued the Executive Order on Securing the Information and Communications Technology and Services Supply Chain. This carefully worded document didn’t specify any particular firm, but everyone knew that they were talking about the Chinese company Huawei.

Head shot of John Zanni
John Zanni, CEO, Acronis SCS

The White House was responding to rumors about companies placing components in hardware that could compromise communication systems. Essentially, can the supply chain for hardware manufacturing be safe?

John Zanni is the CEO at Acronis SCS and he joined host John Gilroy on this week’s Federal Tech Talk to discuss cybersecurity with an emphasis on supply chain risk management. The discussion moves from hardware getting compromised to software.

Today, much software is not written from “scratch.” Frequently, developers rely on blocks of code from software repositories or libraries. They have also seen a movement towards low code and no code systems for enabling a software solution.

Zanni asked the obvious question: Who do you trust? You could inadvertently be bringing malicious code into your system. It is one thing to do this for a small company; it’s a completely different situation for a federal agency.

During the interview, Zanni talked about standards, source code reviews and managing risk. For anyone assuming all the code they connect is safe, think again.

Related Stories


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators. Follow John on Twitter. Subscribe on Apple Podcasts or Podcast One.