The National Institute of Standards and Technology (NIST) is seeking public comment on the Feb. 4 draft of its cyber supply chain risk management guidance.
The new guidance, Key Practices in Cyber Supply Chain Risk Management, walks stakeholders through strategies to address possible cybersecurity issues associated with the modern IT supply chain. The draft discusses how the complexity of vulnerabilities in a changing cyber supply chain can make it difficult to secure systems from threats.
“The seed of the problem is that everything is interconnected nowadays. Products are very sophisticated, and with our globalized economy, companies often outsource the tasks of developing components and code to other companies, involving multiple tiers of suppliers,” Jon Boyens, one of the NIST authors of the report, said.
In a press release, NIST stated that many modern-day cyber breaches, such as Operation ShadowHammer in 2018 and an attack by the Dragonfly group in 2013, have been linked to supply chain risks. To reflect the unique challenges faced by different organizations, the draft includes 24 supply chain case studies that address various sectors.
NIST is accepting comments on the draft guidance through March 4.