Software Engineering Institute | Carnegie Mellon University

12/09/2014

CERT to Hold Symposium on Managing Supply Chain Cybersecurity Risk

Incidents Highlight Concerns over Supplier Security Practices

Pittsburgh, Pa., December 9, 2014—Cybersecurity risks of complex global supply chains for information and communications technology (ICT) are increasing. To address this important issue, the CERT Division of the Software Engineering Institute at Carnegie Mellon University will hold a free Symposium on Supply Chain Risk Management Thursday, January 15, 2015, at the SEI office in Arlington, Va.

Supply chain risk management (SCRM) addresses problems such as breaches of confidential information and the risks organizations face because of their external dependencies for the ongoing use and sustainment of ICT—the so-called service supply chain.

The CERT symposium will examine these threats. Speakers will include

  • U.S. Congressman Mike Doyle, 14th District of Pennsylvania
  • Alan Levine, chief information security officer, Alcoa
  • Jon Boyens, senior adviser, Computer Security Division, National Institute of Standards and Technology (NIST)
  • Roberta Stempfley, deputy assistant secretary for cybersecurity and emergency communications, Department of Homeland Security

Symposium participants will explore the commonalities between SCRM in the government and private critical infrastructure. Speakers and panels will explore SCRM challenges across the DoD, federal civilian agencies, and private industry; examine the increasing focus on supply chain risk and what it means; introduce leading management practices; and explain methods organizations can use to assess their capabilities.

Recent incidents, such as the Target breach, the HAVEX series of attacks on the energy infrastructure, and the recently disclosed series of intrusions affecting Department of Defense (DoD) TRANSCOM contractors, highlight supply chain risk management as a cross-cutting cybersecurity problem.

SCRM focuses on managing the risks of depending on external entities to support key services or mission capabilities. These external dependencies may consist of vendors that provide equipment, cloud services such as data processing or storage, or public infrastructures like transportation channels or the electric grid.

SCRM has increasingly become an area of concern for both the federal government and private critical infrastructure providers. Many defense capabilities and critical infrastructure services depend on complex supply chains outside the direct control of the organization that is ultimately accountable.

Attendance at the symposium is limited to 150 participants. There is no fee, but registration is required. For more information or to register, visit http://www.cert.org/scrm/.

About the Software Engineering Institute
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI helps organizations make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at http://www.sei.cmu.edu. The CERT Division of the SEI is the world's leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit http://www.cert.org.

Media Contact
Richard Lynch
Software Engineering Institute
public-relations@sei.cmu.edu
412-268-4793
