By George Vunovic, Executive Vice President, Technologies, OC Reilly Inc.

(Nov. 16, 2020) – Cybersecurity in health care, and within the supply chain, cannot be viewed as only an IT problem. Risks exist in sourcing, vendor management, continuity and quality, transportation, security and more. It takes a constant and sustained effort to protect a supply chain system from online attackers. Breaches tend to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain follow secure cybersecurity practices.

According to the National Institute of Standards and Technology, cyber supply chain risks include:

  • Third-party service providers or vendors – from janitorial services to software engineering – with physical or virtual access to systems or software.
  • Poor information security practices by lower-tier suppliers.
  • Compromised software or hardware purchased from suppliers.
  • Software vulnerabilities in supply chain management or supplier systems.
  • Counterfeit hardware or hardware with embedded malware.
  • Third-party data storage or data aggregators.

To overcome those areas of concern, cyber supply chain best practices include:

  • Security requirements are included in every RFP and contract.
  • Address any vendor vulnerabilities and security gaps.
  • “One strike and you’re out” vendor policy regarding products.
  • Pre-qualified or immediately inspected component purchases.
  • Secure software lifecycle development programs and training for all engineers.
  • Source code obtained for all purchased software.
  • Software and hardware have authentication codes to operate together.
  • Automation of manufacturing and testing to limit human intervention.
  • Track and trace programs on all parts, components and systems.
  • Personnel in charge of supply chain cybersecurity partner with every team that touches any part of the product during its development lifecycle.
  • Legacy support for end-of-life products and platforms; assure continued supply of authorized IP and parts.
  • Tight controls are imposed on access by a limited number of service vendors.
  • All vendors are authorized and escorted.

Your supply chain depends on a safe online presence. The professionals at OC Reilly can assist you with development of a system with the proper protective protocols. Contact them today to learn more.

2020 OC Reilly Inc.
https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/briefings/Workshop-Brief-on-Cyber-Supply-Chain-Best-Practices.pdf