Supply Chain Risk 2012
Doing business in a Global Economy: What is a Trusted Supply Chain?
Hilton Crystal City
Betsy Lauer, [email protected]
"The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyber threat."
- Former Deputy Secretary of Defense William Lynn
Newly Released Report
Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage
China has been acknowledged as a source for cyber intrusions as well as counterfeit micro-electronics. A newly released report prepared for the U.S.-China Economic and Security Review Commission expands on a 2009 assessment of China's evolving computer network operations capabilities and risks to the U.S. Telecommunications Supply Chain.
The Defense Department, through efforts such as the Trusted Foundry program and use of standards like Common Criteria (ISO/IEC 15408), is working to reduce its supply chain vulnerability footprint. This is not a small problem. Some have recommended government measures that mandate significant and potentially onerous consequences for suppliers having inadequate cyber protections.
The House Republican Cybersecurity Task Force, however, recommends an approach based more on incentives than on regulations.
The cyber risks and vulnerabilities in an improperly managed supply chain, from counterfeit equipment to malware to other avenues of attack, are real and growing. Agencies and departments are developing policies to keep a more watchful eye on vendors, partners, and others in their cyber supply chains and to adopt best practices for mitigating risks across their systems and processes.
The question remains: Will they be carrots or sticks?
Ms. Jennifer Bisceglie
President, Interos Solutions, Inc.
Brett B. Lambert, Deputy Assistant Secretary of Defense, Manufacturing and Industrial Base Policy, DoD
Mr. Lambert is the principal advisor to the Under Secretary of Defense for Acquisition, Technology and Logistics on all matters relating to the defense industrial base, including industrial capabilities and assessments; defense industry mergers, acquisitions and consolidation; preservation of essential industries and technologies; and other related matters.
Presentation not for release
Mr. Larry Clinton, President and CEO, Internet Security Alliance
Mr. Clinton has been featured in USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC and has authored numerous professional journal articles on cyber security. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate and promotes a pro-market, anti-regulatory approach to cyber security as outlined in numerous publications, including the ISA Cyber Security Social Contract and the Financial Management of Cyber Security.
Understanding the Threat
Chinese Microelectronics and Computing Technology
Dr. Josh Alspector, Institute for Defense Analyses
Presentation not for release
Phil Harris, Executive, V8Logistics Services Group - Presentation
Do I Really Need That Big Stick? - Government Initiatives to Protect/Manage Supply Chains
Moderated by Don Davidson, Chief, Outreach, Science & Standards (CNCI-SCRM) Trusted Mission Systems & Networks (TMSN) Office of the DoD-CIO
Mitchell Komaroff, Director, Trusted Mission Systems and Networks, DoD CIO
Lisa Kaiser, Director, Control Systems Cybersecurity Strategic Planning, Control Systems Security Program, Department of Homeland Security
Jon Boyens, Senior Advisor, Computer Security Division at NIST
** Presentations not available by panelists - contact for information
Carrots Work Better Than Sticks – Perspectives from Industry
Moderated by Ms. Catherine Ortiz, Defined Business Solutions - Presentation
- Craig Corbin, Director, Strategic Programs, World Wide Technology - Presentation
- Andras Szakal, VP and Chief Technology Officer, IBM Federal Software - Presentation
- Steve Lipner, Microsoft, Chairman of SAFECode - Presentation
- Andrew Olney, Director of Reliability and Product Analysis, Analog Devices, Inc. - Presentation not for release
Summary Panel – What did we hear, where do we go?
- Ms. Jennifer Bisceglie, Interos Solutions, Inc.
- Don Davidson, Chief, Outreach, Science & Standards (CNCI-SCRM) Trusted Mission Systems & Networks (TMSN) Office of the DoD-CIO
- Robert B. Dix, Jr., VP, Government Affairs & Critical Infrastructure Protection, Juniper Networks
Hilton Crystal City
Crystal City at National Airport
2399 Jefferson Davis Hwy
Arlington, VA 22202
Complimentary hotel airport shuttle service is provided to and from Ronald Reagan Washington National Airport (DCA) and the Crystal City Metro station. The Crystal City Metro Station is 3 blocks away.
The Hotel offers Self Parking only in a Security Enclosed Parking Facility directly beneath the hotel, based on availability. The fee is $24.00 based on 3 or more hours.
On-line registration will close COB, Friday, March 9. You may still register for the event on site: please download and complete the registration form, and bring it with payment to the conference.
For information or assistance, please contact Betsy Lauer at (703) 247-9473 or [email protected]
(thru February 29)
(after March 1st)
(NDIA Member and Affiliates)
*Only available for active-duty military and civilian employees of the Government. Does not apply to contractors working for the government in any capacity.
Deadline to register online or by fax is by COB Friday, March 9, 2012.
A registration form may be downloaded, completed, and brought to the conference for onsite registration. Please do not mail any registration forms after February 24th. Registrations will not be taken over the phone; payment must be made at the time of registration.
Cancellations received by Wednesday, February 29, 2012 will receive a full refund. No refunds will be given for cancellations after February 29th. Substitutions are welcome in lieu of cancellations, as long as there is no financial transaction. All substitutions and cancellations must be made in writing to [email protected].
Sponsorships provide maximum visibility and brand recognition. You can strengthen your market position, make key contacts, showcase your products and services, and develop relationships with new customers, while reinforcing your existing customer relations. Sponsorships add a critical tool to your current marketing strategy.
Promotional Partner for $1,500
- Logo on the conference event web site
- Company name on filler slides at conference
- Recognition from the podium
- Event Signage
- 1 complimentary conference registration
Contact Betsy Lauer at [email protected] or 703-247-9473 for details on this event, or combine your sponsorship at both AFEI December cyber related events.
This symposium addresses the following questions:
- Update: What’s happened since the last seminar and what’s new in the 2012 FY that we need to be aware of?
- What policy and legislation approaches are best in addressing this problem?
- What are new policies and models for trusting suppliers, their supply chains and systems? Are current policies and those under consideration regarding suppliers and counterfeiting really going to be effective?
- Self-regulation vs government mandates – which is the more effective method?
- Do stringent requirements endanger fragile industries?
- Do half-measures provide inadequate protections?
- What are the unintended consequences of physical and cyber intersections for supply chains?
- How are real issues in this space defined and differentiated from non-issues?
The Comprehensive National Cybersecurity Initiative (CNCI) Initiative 11 recommends developing a multi-pronged approach for global supply chain risk management. This initiative should provide “a robust toolset to better manage and mitigate supply chain risk at levels commensurate with the criticality of, and risks to, their systems and networks.”
Who Should Attend?
Over one hundred and twenty-five professionals in this area attended the first Cyber Supply Chain Forum. They represented a cross-section of businesses, large and small, who are participants in a supply chain and who have a stake in the outcome of debates on these topics.
Budget talks have stalled some action on this issue, but it is coming. Industry is realizing that being a "good supplier" means having adequate cyber protections, both for its own intellectual property and for the Government data it is privileged to maintain or have access to.
The time is coming when some form of auditable certification of cyber protection will be required to obtain Government business.
If you want to gain insights on what the future holds, participate in these critical discussions, be a part of the solution and not the problem, and network with others to learn what they are doing, then this event is for you.