A top official at the Cybersecurity and Infrastructure Security Agency (CISA) said that we can expect to see “much more” guidance from agency cyber gurus in the coming months on Cybersecurity Supply Chain Risk Management (C-SCRM).
“Cybersecurity Supply Chain Risk Management is weighing on the minds of executives across all sectors and organizations right now,” said Michael Duffy, associate director of the Cybersecurity Division at CISA, during a Jan. 19 ACT-IAC webinar.
He emphasized, “These are perennial challenges that cause a lot of stress to our cybersecurity executives.”
Duffy explained that his agency has a duty to provide help to organizations by passing along real, sustainable, and effective guidance for good cyber hygiene.
When a cyber crisis occurs, it is CISA’s job to find ways to sustain the important efforts that come out of incident response, he said.
The agency is looking at ways to guide and train security teams in C-SCRM through centralization to help “lift the burden.”
“How do we standardize what’s being offered so we can do it once and share it many times?” Duffy asked.
The CISA official added that one of the most powerful tools the government has is to streamline the flow of information when one agency encounters cyber risks.
“Some of the greatest value we have is connecting the right people and allowing them to have conversations – making enough space so they can share lessons learned,” he said.
“Sharing those resources is a fantastic step forward,” Duffy said, adding, “We have a lot of passionate folks in government and industry working together.”
He also emphasized that collaboration with the private sector is critical. Not only has the Federal government been abundantly clear that it is reliant on industry, but it has also been clear about how industry can lend a helping hand when it comes to C-SCRM.
“The broader IT community is on the same page about what’s important,” Duffy said. “That partnership is something that must continue to grow, and we have to continue to find ways that we are supporting each other’s processes.”