With the Federal government placing more and more emphasis on supply chain security, harmonizing various efforts to reduce confusion is an important step towards better regulation, said Grant Schneider, former Federal CISO, and now senior director of cybersecurity services at Venable.
Schneider, who left his role as Federal CISO in August, pulled from his experience as part of the Federal Acquisition Security Council (FASC) in suggesting that supply chain efforts at different agencies – like the Cybersecurity Maturity Model Certification (CMMC) at the Department of Defense or supply chain rules out of the Department of Commerce – would benefit from closer collaboration in their standards.
“I think one of the challenges we’re going to have is that other entities in the government are doing similar or slightly different assessments – how are those aligned, what do they start to look like together and what is the landscape going to look like?” he asked. “They’re being developed somewhat in conjunction with each other, but also I would candidly say somewhat independently,” he said today at the CISQ Cyber Resilience Summit.
In a similar vein, Schneider stated that he expects more supply chain efforts to come from Congress and the executive branch regardless of the outcome of the November elections. He encouraged folks to comment on the rules still in draft form to help them address this issue.
“I’m hoping that as [more efforts occur], we’ll see more harmonization around how supply chain assessments are done, and that we will see supply chain assessment become a little more of a science than an art,” he said.
Schneider noted that developing the standards for supply chain assessments within FASC took a year and a half, and that while the rule is still in interim form, it presents an opportunity to create an ongoing structure across the Federal enterprise.
“One of the things that when I was in government – and still now – was excited about is that it is a very systemic and enduring approach on how to assess risk,” he noted.
Outside of FASC, Schneider also emphasized the role of 5G wireless services in the future, and the National Strategy to Secure 5G. He spoke on the four lines of effort within the plan, and noted the importance of 5G in bringing attention to the supply chain, as well as the economic potential of the technology.