Tom.Conkle

NIST Cyber Supply Chain Risk Management Workshop


On October 1, 2015, NIST initiated a two-day workshop on Cyber Supply Chain Risk Management. The workshop provided an opportunity for industry, academia, and government to discuss challenges and best practices in cyber SCRM. The first day featured two panels that initiated the discussion on cyber SCRM, which led to breakout sessions that allowed participants to collaborate on the topics.


The first panel provided an overview of how cyber supply chain risks are managed within the panelists' organizations: Johnson & Johnson, Northrop Grumman, Verizon, and Intel Corp. Each panelist provided an overview of how cyber SCRM is addressed in their organization and techniques they have implemented to inform executives of cyber supply chain risks. The second panel discussed Organizational Strategies for SCRM. This panel featured panelists from organizations that have robust, but different, approaches for addressing cyber SCRM within their organizations. The panelists from Cisco Systems, John Deere, Johnson & Johnson, and Schweitzer Engineering Laboratories (SEL) described their approaches for communicating cybersecurity concerns within the supply chain to their executives as well as their approach for monitoring their suppliers. Many panelists expressed the requirement to audit suppliers to ensure they are operating with similar cybersecurity protections to those they expect for their own organization. Deere specifically addressed a need to protect their brand name by ensuring they understand the value chain of their suppliers. This understanding is developed through continuous auditing of suppliers' production, quality, and cybersecurity capabilities.


After the two panels, workshop attendees were provided an opportunity to discuss these topics in breakout sessions. The breakout sessions provided attendees an opportunity to comment on their organizations' approach to SCRM, identify additional best practices, and confirm current gaps in SCRM. The breakout sessions identified several gaps within SCRM. The gaps included a general lack of education and awareness of SCRM risks within their organizations, the perception that cyber is an IT risk and not a supply chain risk, and a general lack of participation at the executive and board level of organizations.


NIST also identified several SCRM case studies that it completed. The case studies are available at the NIST SCRM site at: http://www.nist.gov/itl/csd/best-practices-in-cyber-supply-chain-risk-management-october-1-2-2015.cfm. The case studies identify the current SCRM practices within ~20 leading companies. They provide organizations an understanding of what others are doing and provide a sample of how SCRM can be implemented within their organization. NIST will also provide a summary of the workshop and additional guidance to industry based on the information obtained during the workshop to further help organizations get started or improve their SCRM processes.


What are your thoughts from the workshop?
