Trideum Corporation and Fortress Information Security will team up to give a presentation at the National Cyber Summit (NCS) taking place in Huntsville, AL from 20-21 September 2023. The presentation, "Attacking the Cyber Supply Chain Problem at Its Source – Shifting Way Left!", will focus on the consideration of cybersecurity when developing requirements for government contracts. While tailored to the DoD, this presentation is applicable to all lawmakers, government organizations, and stakeholders overseeing the contracting and acquisition of government solutions and services. Its aim is to bring together these groups along with industry and academia to ensure the critical risks to our cyber supply chain are appropriately addressed.
Presentation Description
The Acquisition Community represents the frontline for supply chains across the Department of Defense (DoD), yet these professionals frequently fail to incorporate needed language in government contracts to mitigate cybersecurity risks. They also struggle to ensure program managers have visibility into the supply chain supporting their program of record (POR)—allowing cybersecurity risks to go unnoticed throughout the POR’s lifecycle or until a significant event occurs (e.g., the SolarWinds breach). Regrettably, these failures occur despite a growing awareness that America’s supply chain represents a large and significant attack vector for its adversaries.
While there is no easy fix for the DoD’s supply chain concerns, a regulation or law mandating cyber supply chain risk management (C-SCRM) during the nascent stages of requirements development is a logical next step. Not only will robust C-SCRM activities provide visibility into a POR’s supply chain, but sound practices will also better equip program managers to budget for and address cybersecurity risks throughout the program’s lifecycle. Treating supply chain cybersecurity like other traditional requirements will also relieve contracting professionals from the burden of addressing this crucial topic ex post facto because procurement language would include C-SCRM from the outset.
In this presentation, we explain what C-SCRM is, why it is needed, some regulations and policies that influence it, and substantial gaps that result in urgent challenges for cybersecurity in DoD’s government acquisitions. In response to supply chain gaps, we cover how legislative and regulatory support can ensure rigorous C-SCRM requirements are included during the early stages of contracting and help the DoD’s acquisition community address cybersecurity risk throughout the lifecycle of a POR. As a part of this discussion, we highlight how a pilot at Redstone Test Center (RTC) can serve as an exemplar for future DoD contracting efforts to address C-SCRM.
Speakers
One-to-One Interaction
Stop by booth #408 to chat with cyber technology experts and learn about Trideum’s niche cybersecurity capabilities.
Learn about our systems from live demos (see below).
Send us a request to meet in person at NCS.
Live Demos at National Cyber Summit
Cyber Table Top Tool (CT3)
Trideum Corporation’s Cyber Table-Top Tool (CT3) allows program managers to quickly identify potential cyber vulnerabilities and prioritize testing efforts. CT3 provides an innovative and automated approach to the DoD’s Cyber Table-Top (CTT) exercise. This approach is unique because CTTs have traditionally been executed using hand-written notes or multiple spreadsheets to compile the information necessary to make informed decisions. Although CT3 was originally built for use by the Redstone Test Center, this product has been gaining more attention from the cyber community; it continues to expand in capability to meet the needs of a broader range of customers.
Fortress Platform
Cybersecurity breaches can happen anywhere in your online environment. Fortress provides a holistic view of your cybersecurity risk throughout your entire IT and OT ecosystem and its extended supply chain. The Fortress platform allows you to manage your perimeter, manage your risks, prioritize those risks and create a plan that helps mitigate security breaches.
Data Acquisition System (DAS)
DAS supports operational testing (OT) of instrumented systems, developmental testing (DT), and training. It is a ruggedized, cost-effective, lightweight, small-footprint, modular, and self-powered system that supports independent capture and real-time streaming of data from systems under test (SUTs), e.g., untethered vehicles.
Leopard
Leopard is a next-generation data warehouse and visualization capability that brings near-real-time data and Full Motion Video (FMV), analytics, visualization, and reporting together in one end-to-end solution.