Supply Chain Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has named April as the National Supply Chain Integrity Month. The intent is to bring awareness to supply chain security issues and call on all US governmental and commercial organizations to do their part to “Fortify the Chain.”

Our adversaries, both nation-states (Advanced Persistent Threats or APTs) and criminal groups (ransomware, et al.) seek to disrupt our supply chains for various reasons – e.g., instability, division, or financial gain. Being aware of these threats and proactive in our defenses is key to thwarting the disruption.

From a cybersecurity standpoint, the most important protection organizations can have is to implement a Security Information and Event Management (SIEM) or eXtensible Detection and Response (XDR) solution with 24/7 continuous monitoring and incident response. Without this, they are “flying blind” and will not be able to detect and respond to Indicators or Compromise (IOCs) of ongoing attacks in a timely manner.

CISA also recommends planning for the following:

• Identity & Authentication Management (IAM) – ensuring you have a strong system of access control with Single Sign-on (SSO), Multi-factor Authentication (MFA), and automated workflows for user onboarding/offboarding and audit.
• Business Continuity and Disaster Recovery (BC/DR) – it has been said that the status of backups is only known once a data restore is attempted. This means that backup solutions must be in place, backups planned and executed, and restorations tested often to ensure that business continuity can be maintained.
• Security Hygiene and Succession Planning – having a formal program of security vulnerability management and patching, along with planned upgrades for equipment, operating systems, and software is key to maintaining a defensive security posture.

Abacode can help with all of these solutions and services in a fully managed cybersecurity and compliance program aligned with a best practices framework, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) for critical infrastructure protection or the Cyber Maturity Model Certification (CMMC) (NIST SP 800-171). Please contact us today for more information.