Accelerating Mission Success with Technology

The pandemic triggered disruptions to supply chains, workforce management and other daily government operations. Rather than abating, those challenges have continued to evolve. The war in Ukraine has brought new security concerns, and financial uncertainties have made it even more imperative for government agencies to be able to pivot quickly. Digital transformation is essential to meet such ever-changing, unpredictable demands. Flexible, cost-effective technology solutions enable government agencies to analyze data for better decision-making in areas as diverse as cybersecurity, public health and military operations. Investments in modern technologies have the added benefit of making government work more attractive to talented professionals with innovative ideas and a willingness to try new approaches. Such people are a crucial element of any digital transformation. Learn how you can rethink every aspect of operations in ways that spur innovation and advance the ability to respond to new challenges and opportunities as quickly as they arise in Carahsoft’s Innovation in Government® report.

 

How Connected Data Heals the Post-COVID Supply Chain

“Public-sector leaders need to think big, start small and scale fast. The best approach is to pick a chunk of the business that is consequential and show everyone incremental results. Executive buy-in is also important but sometimes comes later, after several bottom-up iterations that are so successful they are impossible to overlook. The National Telecommunications and Information Administration’s new grants portal is an excellent example. The end-to-end, FedRAMP-authorized system gives NTIA and its customers the digital tools they need to apply for broadband grant programs and support the government’s management of the projects funded with the grants.”

Read more insights from Maj. Gen. (Ret.) Allan Day, Ph.D., Vice President of Logistics/Sustainment of Global Public Sector at Salesforce.

 

Technology Expands Access and Reduces Public Health Service Challenges

“Digitization helps health workforce challenges as well as addressing the service backlog and supporting expanded access. Digital service delivery is far more efficient, freeing up clinician time to deliver health care in-person for patients who are unable or unwilling to access services digitally or when virtual encounters are not the most appropriate channel. And digitization done well provides rich, real-time data to better understand gaps and inequities and thus improve digital services and inform timely program and policy development.”

Read more insights from Karen Hay, Digital Transformation Leader of Global Public Health at Salesforce.

 

What the Talent Shortage in Aerospace and Defense Companies is Really Telling Us

“Quick wins are essential. Quick wins are the battles in the bigger war of transforming your organization. These are the smaller localized wins within business units outside of large enterprise changes. They become easy-to-understand success stories that give teams a taste of how a transformed organization can thrive. They are powerful social proof that leaders can use to educate and inspire.”

Read more insights from Mike Mulcahy, Digital Transformation and Strategy Development Leader for Global Public-Sector Aerospace and Government System Integrators at Salesforce.

 

How Digitizing Infrastructure Protects Against a New Generation of Cyberattacks

“Chicago’s 311 call center is an excellent example of transformation in action. It is the point of entry for residents, business owners and visitors to access information about city programs, services and events. Chicago 311 allows citizens to access that information without long hold times and with minimal impact on staff. Since its launch, Chicago 311 has become an essential resource for activities as varied as simple informational inquiries and requests for tree trimming and pothole repairs. More broadly, the service has shown how the right cloud platform can transform the traditional call center into a modern contact center that unlocks everything from back-office information to self-service capabilities across a single, secure and connected experience.”

Read more insights from Paul Baltzell, Vice President of Strategy and Business Development for State and Local at Salesforce.

 

Empowering Citizens Through Platform Investments

“CIOs are facing the challenge of how to modernize by using platform technology. Most have moved into the cloud, but modernizing with a platform is a new way of thinking. It means deciding which platforms to adopt and which use cases to build onto these platforms. Modernization means reducing the technology stack. When agencies choose the right platform, they benefit from the use cases that are already on it so they don’t have to start from scratch.”

Read more insights from Scott Brock, Vice President of Strategy and Business Development for State and Local at Salesforce.

 

How Technology Investments Can Help Close the Talent Gap

“A November 2022 memo from the Office of the Secretary of Defense confirmed the seriousness of the situation with respect to retention after return-to-work policies went into effect. Focusing on our nation’s cybersecurity priorities, the statement called for expanding the workforce through apprenticeship programs and other nontraditional means of closing the talent gap. There is a solution: with the right investment in technology and talent, leaders can manage through the current challenges and achieve a posture where positive change is a constant, iterative and accepted part of the landscape.”

Read more insights from Dr. Michael Parker, Vice President of Business Development at Salesforce.

 

Download the full Innovation in Government® report for more insights from IT modernization thought leaders and additional industry research from FCW.

How CISOs Can Come to Grips With a New Priority – Securing the Supply Chain

Software supply chain hacks are now the most prevalent form of cyberattack. According to the latest Verizon Data Breach Investigations Report, 62% of system intrusion incidents came through a third party, highlighting the difficulties that many organizations – including federal agencies – face in securing their supply chain. A recent flurry of legislative activity demands that CISOs step up their supply chain due diligence – and fast.

Key among these directives and guidance is the Enduring Security Framework (ESF). Developed by NSA, ODNI, and CISA, and modeled on the NIST Secure Software Development Framework (SSDF), ESF aims to harmonize previously disparate Cyber Supply Chain Risk Management (C-SCRM) policies and procedures across the federal government. A key tenet of ESF – and also a requirement of a new White House Memo (M-22-18) – is vendor self-attestation to software developed in accordance with NIST standards.

Yet, despite directives from the highest levels of government, questions remain:

  • Does every ESF recommendation and control have to be met by software vendors?
  • Are some C-SCRM practices and standards a priority over others?
  • Will OMB require point-in-time or continual attestation?
  • When will the standardized self-attestation form be released?

Until we have answers, one thing is clear – software supply chain security can’t be solved by directives and guidelines alone. The reality is, a threat can only truly be mitigated through increased cooperation between the public and private sectors. As head of government affairs at SolarWinds, here’s my take on how the agencies and industry can join forces to collaborate.

Cooperation Must Occur – CISO to CISO

Typically, software purchases are one-time transactional exchanges. After all, the goal is to make procurement, installation, and deployment as quick and efficient as possible. In this model, relationships between the software vendor or supplier and the procuring agency aren’t nurtured. It’s an approach I believe needs to change.

To protect our shared infrastructure from evolving threats, federal security leaders must build lasting and meaningful relationships with software vendors.

Creating these partnerships is the future of C-SCRM in the federal government. Indeed, following the 2020 SUNBURST hack, we set out on a mission to lead the way to safer IT with our Secure by Design initiative. This effort included launching a new model for secure software development to strengthen the integrity of build environments.

Crucially, we also committed to establishing new standards in information-sharing and public-private partnerships. Government security leaders should communicate frequently and continuously with their industry counterparts about enterprise software security, the development process, and adherence to ESF standards. When it comes to their vendors, Federal CISOs must also have a dedicated person to call at any time – not just a toll-free number.

Screen Vendors in Seven Steps

Self-attestation may be mandated, but it won’t fix everything. After all, most agencies lack the resources to evaluate every software vendor’s self-declaration, opening the doors to abuse. The compliance framework may also seriously hinder the procurement process.

Until OMB issues further guidance, agencies can screen their suppliers’ security measures using a set of seven questions developed by our CISO, Tim Brown, and DHS CISO Ken Bible in the aftermath of SUNBURST. Those questions are:

  • How do your vendors secure software code?
  • What type of environment do you build your software in?
  • Have they established secure software development framework roles and responsibilities?
  • Are they using automation and DevSecOps to automate developer and security toolchains?
  • What policies and measures do they have in place to prevent malicious or vulnerable software from affecting their customer base?
  • How are they monitoring risk in their own supply chain?
  • If a breach occurs, what’s their process for notifying customers?

Defending Together

Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.

Download our whitepaper to learn more about how this model can be used to secure the software supply chain, or to learn more about SolarWinds’ Secure by Design initiative and SolarWinds’ recently launched Next-Generation Build System, a model for secure enterprise software development.