Cyber Supply Chain Risk Management and its Impact on Information and Operational Technology
Date & Time
Tuesday, November 9, 2021, 10:35 AM - 11:25 AM
Randall Brooks

In an increasingly interdependent cybersecurity marketplace, it is nearly impossible to develop every part or component in-house. Traditional supply chain risk management deals only with a supplier’s ability to deliver a product on time and within budget, while cyber separately focuses on the trustworthiness of the product that was delivered. However, electronics are nearly entirely manufactured offshore, and concerns have risen about their trustworthiness, given that they may contain potentially malicious functionality. To complicate matters further, vendors themselves are procuring products, such as test systems or subtractive or additive manufacturing equipment, and both end users and vendors now need to be concerned with how Cyber Supply Chain Risk Management (C-SCRM) affects the products they are using and producing.

Key Takeaways:

  • An overview of recent cyber supply chain attacks.  
  • Observations from the industry on NISTIR 8276 key practices in C-SCRM.
  • An overview of NIST SP 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
  • Understanding how this impacts IT/OT.

Technical Level: Medium

Session Type
Main Conference Session