Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Securing information and communications technology supply chain

By Maria Henriquez
supply-chain-freepik1170x658v5.jpg
April 5, 2022

April is National Supply Chain Integrity Month.

In partnership with the Office of the Director of National Intelligence (ODNI) and other government and industry partners, the Cybersecurity and Infrastructure Security Agency (CISA) is promoting a call to action for a unified effort by organizations across the country to strengthen information and communications technology (ICT) supply chain.

The ICT supply chain powers national security missions, critical infrastructure sectors and private industry security and innovations. As more organizations undergo digital transformations to streamline operations, the supply chain becomes more complex and interconnected, encompassing the entire lifecycle of ICT hardware, software, and managed services and various entities — including third-party vendors, suppliers, and service providers. Adversaries target third-party vendors and suppliers for this very reason, representing a way to target the government and critical infrastructure. 

Acting CISA Assistant Director Mona Harrington says, “Government and industry must continue to work together to protect our critical infrastructure and the associated supply chains that underpin the very fabric of our nation and economy.” 

Here are a few steps organizations can take to enhance the security and resilience of their ICT supply chain, according to security leaders:

Jasmine Henry, Field Security Director at JupiterOne: There is no solution currently, only tactics to reduce risk. Using knowledge graphs to map critical asset dependencies on third-party code is helpful. Software bill of materials (SBOMs), vendor consolidation, and retiring legacy systems can also mitigate supply chain risk.

Joseph Carson, chief security scientist and Advisory CISO at Delinea: At the moment, the global supply chain is extremely fragile. Organizations have less control and visibility over the actual security that supply chains have put in place. For the most part, this tends to only be covered in legal contracts rather than a true security risk assessment. Organizations must prioritize privileged access security to reduce the risks exposed in their supply chain security.  

Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber: It is unfair to blame the software supply chain vendor considering how bad actors often use known, unaddressed vulnerabilities that IT security teams should have mitigated well before the software supply chain hack became a reality. Cybersecurity teams need to do more than just scan for vulnerabilities. We need to work together to better measure, manage and mitigate cyber risk, or we will be crushed by a growing mountain of vulnerability debt.

Throughout April, CISA will promote resources, tools, and information, including those developed by the public-private ICT Supply Chain Risk Management (SCRM) Task Force, to help organizations and agencies integrate SCRM into their overall security posture. To view online resources, visit CISA.gov/supply-chain-integrity-month.

KEYWORDS: cyber security national security risk management supply chain

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Columns
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • supply chain

    CISA announces extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

    See More
  • software supply chain

    CISA releases HBOM framework for supply chain risk management

    See More
  • dataminr-connected tissue

    CISA releases ICT supply chain risk management task force year 2 report

    See More

Related Products

See More Products
  • Security of Information and Communication Networks

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • Physical Layer Security in Wireless Communications

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing