@Risk

Focused on supplier risk issues for business leaders

Federal Agencies at Risk From Dependence on Global IT Supply Chain

March 28, 2012 | No Comments →

In order to carry out their operations, federal agencies often rely on IT components manufactured overseas. But, a new report from the Government Accountability Office (GAO) warns that this growing dependence on a global IT supply chain introduces multiple risks to sensitive federal information systems.

For example, the report says federal agencies are vulnerable to:

  • Installation of malicious logic on hardware or software
  • Installation of counterfeit hardware or software
  • Failure or disruption in the production or distribution of a critical product or service
  • Reliance upon a malicious or unqualified service-provider for the performance of technical services
  • Installation of unintentional vulnerabilities on hardware or software (more…)

Senator Describes How Counterfeit Parts Can Become Part of Department of Defense Supply Chain

November 14, 2011 | No Comments →

The US Department of Defense has concerns about counterfeit parts in its supply chain and is now taking additional steps to ensure that its equipment and parts are authentic.

According to the American Forces Press Service, the DOD has implemented a quality assurance process to identify material that doesn’t conform to standards and determine which ones are counterfeit.

For the DOD, most of the problem appears to center on previously used parts sold as new. As Senator Carl Levin (D-Mich.) explains in a statement:

In some industries, the term “counterfeit” suggests an unauthorized fake, a knock-off of an original product. The definition of counterfeit, as it relates to electronic parts, which has been endorsed by the Department of Defense and defense contractors alike includes both fakes and previously used parts that are made to look new, and are sold as new. Previously used parts sold as new parts present a significant risk because, while they may pass initial screening, they are far more likely than new parts to exhibit reliability and performance problems later on when deployed in the field.

Sen. Levin chairs the Senate Armed Services Committee (SASC) which this year began an investigation of counterfeit electronic parts in the DOD supply chain. In his statement, made at a SASC hearing last week, he goes on to describe how e-waste is shipped into Chinese cities like Shantou in Guangdong Province where the electronics are disassembled by hand. Then, they undergo a sophisticated unsecured counterfeiting process. Again, from Sen. Levin: (more…)

DHS and WCO Partner to Strengthen Global Supply Chain Security

January 14, 2011 | Comment (1)

The Department of Homeland Security (DHS) is now focused on increasing the security of the global supply chain, and to that end, Secretary of Homeland Security Janet Napolitano announced last week that DHS has launched a new partnership with the World Customs Organization (WCO).

During her remarks at the European Policy Centre, Secretary Napolitano discussed the three main elements of this international collaborative effort:

  • Preventing terrorists from exploiting the global supply chain to plan and execute attacks,
  • Protecting the most critical elements of the supply chain system, such as transportation hubs and related critical infrastructure, from attacks and disruptions and
  • Building the resilience of the global supply chain to ensure that if something does happen, the supply chain can recover quickly.

“Securing the global supply chain is part and parcel of securing both the lives of people around the world, and the stability of the global economy,” said Secretary Napolitano. “The United States is committed to working with our international partners and the private sector to keep this powerful engine of commerce, jobs, and prosperity from being attacked or disrupted.”

In 2011, DHS plans to work with international partners to: (more…)

Is Your Cyber Supply Chain Secure?

December 08, 2010 | Comments (2)

While the WikiLeaks saga is unfolding across the globe, it seems only fitting to take another look at risks in cyber supply chain security.

Unfortunately, though, the news is not at all reassuring –even among organizations that play a vital role to national security.

A new research report, released late last month by the Enterprise Strategy Group (ESG), found that many of the 18 industries designated as “critical infrastructure” by the United States Department of Homeland Security are woefully lacking in cyber supply chain security.

For example: (more…)

Newly Released Details of National Cybersecurity Initiative Reveal Focus on Global Supply Chains

March 04, 2010 | No Comments →

Earlier this week, in keeping with the Obama administration’s renewed commitment to transparency, White House Cybersecurity Coordinator Howard Schmidt directed the release of a summary description of the largely classified Comprehensive National Cybersecurity Initiative.

(This initiative, officially known as the National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, was originally established by the Bush administration back in January 2008.)

The five-page declassified document outlines twelve major proposals designed to help secure the United States in cyberspace, and it’s significant that among this list of a dozen priorities there’s recognition of the growing risks associated with today’s complex global supply chains, particularly those in the commercial information and communications technology marketplace.

From the summary description: (more…)