Government IT supply chain risks uncovered

     

securityAn advanced supply chain management program is no longer optional. With the complexity of modern manufacturing and distribution processes, logistics is a constant struggle to maintain efficiency and security. Recently, the federal government's IT supply chain has come under scrutiny for lack of certain security features.

According to PCWorld, the weaknesses in the procurement of software and hardware were due to the need for data security in many other segments of government IT, which has spread resources thin.

"The global IT supply chain introduces risks that, if realized, could jeopardize the confidentiality, integrity and availability of federal information systems," Gregory Williamson, head of the Government Accountability Office, told the House of Representatives' Energy and Commerce Committee.

Complex institutions like government agencies or private companies have many opportunities to lose data and many processes that rely on data loss prevention. The GAO found that the global sprawl of the supply chain only increased the risks inherent in such an organization. The GAO's report specified that the lack of security mechanisms could open the IT procurement process to several risks. Among the dangers named by the GAO are unqualified or malicious companies being brought on to provide technical services, the receipt of counterfeit hardware or software or the adoption of technology with unintentional vulnerabilities.

The GAO also conducted a study of the IT supply chain recently, as its products and services have become vital to the proper operation of the federal government. With the vulnerabilities uncovered, the agency urged the Departments of Energy, Homeland Security and Justice to adopt greater accountability and reporting on their supply and logistics procedures. It found that, when shown a draft of the report, the departments seemed to agree that the recommendations were valid.

Federal News Radio reported that the Department of Defense is deep in a project to ensure the security of its own supply chain. Since 2009, the source stated, the DoD has sported a mandate to improve risk management for its supply chain. The plan is expected to be fully implemented by 2016.

The news provider also reported that there have been several other government supply chain defense mandates, making the weakness of the IT department seem especially pronounced. The Department of Homeland Security and the Pentagon have directly addressed supply chain security. In addition, the Cybersecurity Act of 2012 currently navigating Congress, necessitates that all vendors dealing with the federal government must, themselves, have secure supply chains.