Standing Guard Against Today's Cyber Threats

This week the Biden Administration took another step towards shoring up broader government and industry cybersecurity by issuing a national security memorandum encouraging owners and operators of critical infrastructure to voluntarily adopt better standards.

The July 27 memorandum specifically addresses industrial control systems (ICS), which monitor, regulate, and automate operational technologies (OT) such as circuit breakers, motors, and valves. Compromised OT can be a gateway for cyber criminals to cause widespread outages through physical damage.

July has been a busy cybersecurity month for the United States and its allies. In addition to this latest action, on July 19 an unprecedented group of allies and partners, including the European Union, the United Kingdom, and NATO, joined the U.S. in exposing and criticizing malicious cyber activities on the part of China.

The July 19 statement declared, “our allies and partners are a tremendous source of strength and a unique American advantage, and our collective approach to cyber threat information sharing, defense, and mitigation helps hold countries like China to account.”

As the White House rightly notes, partnerships and cooperation are critical in facing and defeating this very real threat to our supply chains, critical infrastructure and way of life. In that spirit, the Global Business Alliance (GBA), which represents 200 major international companies with significant operations in the United States, announced on July 13th the formation of GBA Sentinel, a wholly-owned subsidiary to help its members gain use of tailored solutions utilizing Fortress Information Security’s industry-leading supply chain risk management compliance tools.

Bottom-line Upfront:

"Recent actions by the White House and by America’s allies are an important first step in sending messages to China and other adversaries that malicious behavior won’t go unnoticed and will not be tolerated. An even clearer message will be when the United States and companies that make up the national security industrial base and America’s critical infrastructure take the needed steps to fully secure our supply-chains from adversary interference and manipulation. This is an effort that will require government and industry leadership and collaboration. Our team at Fortress is helping to identify cybersecurity and supply chain vulnerabilities, need for regulations and where industry can partner to have immediate and threat reducing effect."

--Peter Kassabov, executive chairman and cofounder of Fortress Information Security

Big picture:

“Given the scale of threat vectors facing America’s federal contractors, combined with the velocity of recent regulatory activity, we thought it is critical for international companies to help lead the way in safeguarding critical governmental systems and services. GBA Sentinel will give federal contractors access to the cutting-edge tools they need to efficiently audit and monitor their supply chains and digital assets. Not only will this help them meet the latest regulatory standards, it will also rapidly advance our nation’s effort to prevent future attacks.”

--Nancy McLernon, President and CEO of GBA. 

We are facing the security challenge of our time: cyberattacks on SolarWinds, Colonial Pipeline, and Kaseya are costing companies millions, and the threats to U.S. manufacturers continue to challenge traditional thinking and resources.

The repercussions from these attacks have impacted companies beyond the boardroom (the ransomware attack on Colonial Pipeline forced many US consumers to pay higher gas prices for most of a week).

The fallout from one attack is felt beyond US borders (the supply chain attack on Kaseya, a company based in Ireland, hit several U.S. companies hard and forced the closure of supermarkets in Sweden).

By the Numbers:

- 48% of federal contractors have "severe vulnerabilities" in their cyber footprint.

- 28% of federal contractors cannot even meet the most basic tier-1 CMMC requirements.

- 80% of software components used in today’s applications come from third parties.

Regulatory Environment:

“Understanding new supply chain cyber security requirements and regulations can be time consuming and costly without partners that grasp both the threat and regulatory environment and have done this at scale in US critical infrastructure. By partnering with GBA Sentinel, we are helping to proactively address many of the pain points GBA members will face in navigating this complex and constantly changing regulatory and cyber threat landscape.”

--Peter Kassabov, executive chairman and cofounder of Fortress Information Security

Supply chain risk-management is critical for industry and government alike. Policymakers have long been concerned with supply chain threats posed by secondary and tertiary suppliers. This has spurred a new wave of expansive regulatory action in the United States that is likely to continue for the foreseeable future.

Here are two regulations that federal government contractors cannot ignore:

  • PROHIBITED TELECOMMUNICATIONS - NDAA Sec. 889 requires government contractors to certify the products they sell the government are not supplied by certain Chinese companies. Part A prohibits the government from obtaining (through a contract or other instrument) certain telecommunications equipment (including video surveillance equipment) or services produced by covered entities and their subsidiaries and affiliates. Part B prohibits the government from contracting with any entity that uses certain telecommunications equipment or services produced by the entities listed in the statute.
  • CMMC CYBERSECURITY - The Cybersecurity Maturity Model Certification is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department of Defense's industry partners' networks.

The Partnership:

This unique teaming demonstrates the emphasis that companies place on advancing our nation’s efforts to prevent future cyber supply chain attacks.


To hear more about the importance of partnerships like these and additional information about the importance of cybersecurity in the protection of our supply chain, please attend the Fortress-sponsored conference with the Govmates Institute of Procurement. "Sucker Punch: Re-evaluating your Supply Chain" will take place Aug. 11th from 8:00am EST to 1:00pm EST. Mr. Christopher Cleary, Principal Cyber Advisor for the Department of the Navy, will provide opening keynote remarks. Breakfast and a networking lunch are included in the registration fee. Register here. Mr. Cleary’s biography is available here.

ABOUT GBA SENTINEL - GBA Sentinel is designed to help CISOs, VPs of Supply Chain, Heads of Federal Sales and other top executives address their cyber and supply chain vulnerabilities by connecting them with industry leading experts. GBA Sentinel gives GBA members premier access to the cutting edge tools they need to audit and monitor their supply chains and cybersecurity. We are proud to provide GBA members substantially discounted use of Fortress Information Security’s industry-leading supply chain risk management compliance tools.

ABOUT FORTRESS INFORMATION SECURITY -  Fortress Information Security is at the leading edge in ensuring the technology you use won't be used against you. Fortress leverages AI and its proprietary technology to allow companies to quickly assess and monitor their digital and physical supply chain for potential vulnerabilities. Traditional security programs typically operate according to priorities and paradigms from past eras, resulting in antiquated and inadequate security systems. To put it simply, compliance is not security. The Fortress Platform addresses supply chain risks through its comprehensive Integrated Supply Chain Risk Management Solution that integrates and orchestrates multidimensional risk analysis and remediation of supply chain, manufacturing, IT, InfoSec, corporate governance, and contract risks.