The Cyber Threat Intelligence Integration Center, recently established by the White House, is a welcome development, but for businesses it is the supply chain that is the prime target of cyber attacks, according to Sandor Boyson, research professor and co-director of the Supply Chain Management Center at the University of Maryland’s Robert H. Smith School of Business.
Boyson, an appointee to the U.S. Secretary of Commerce's Advisory Committee on Supply Chain Competitiveness, says the move means the government sees the need to discover and respond to cyber threats on "all fronts." He asserts it’s also "crucial for private industry leaders to pursue a similar real-time response capability," according to a University of Maryland statement.
Cyber-securing the supply chain means securing the IT systems, software and networks that globally connect suppliers, manufacturers and retailers. Dangers include malicious tampering, data theft and counterfeiting.
The supply chain "is Ground Zero for several recent cyber breaches," the researcher said. "Hackers prey on vendors that have remote access to a larger company's global IT systems, software and networks. In the 2013 Target breach, the attacker infiltrated a vulnerable link: A refrigeration system supplier connected to the retailer's IT system."
The professor said the cyber supply chain is as fragmented and stove-piped today as the physical product supply chain was in the early to mid-1990s. On the strategic side of risk management, just half of the 200 companies he and his team surveyed used a risk board or other executive mechanisms to govern the risk to their IT systems.
Boyson has co-developed a three-part formula using a Cyber Risk Management Portal developed with NIST funds. The statement notes he is collaborating on the study and portal design with center co-director Thomas Corsi, research fellow Hart Rossman, and Smith School Chief Information Officer Holly Mann. "Most of these companies also do not use automated business rules and sensor-driven responses to dynamic IT threats."