The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.
Some progress has undoubtedly been made with regard to securing the supply chain. The Defense Federal Acquisition Regulation Supplement (DFARS) NIST SP 800-171 supply chain program, for instance, introduced 109 stringent requirements for Defense Department suppliers dealing with sensitive government data—53 related to technology and 56 related to security policy.
But while DFARS applies to all contractors and suppliers regardless of size, it has not yet been fully implemented and it is not bulletproof. Still, it is a big step toward securing the supply chain at all levels.
Keep reading this article at: https://www.afcea.org/content/contractors-are-bulls-eye-hackers
See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/