
NIST releases draft guidebook for addressing supply chain cybersecurity

Cyber security for supply chains. Technology products are commonly built using components and services supplied by third-party manufacturers and suppliers, making them difficult to secure effectively against malware and other threats. (Image credit: NIST)

With the goal of reducing the cybersecurity risk to one of the most vulnerable aspects of commerce, global supply chains, the National Institute of Standards and Technology (NIST) has published a draft guidebook for businesses that presents a set of effective risk management techniques distilled by NIST's computer security experts.

“Key Practices in Cyber Supply Chain Risk Management” provides a set of strategies to help businesses address the cybersecurity issues posed by modern information and communications technology products, which are commonly built using components and services supplied by third-party organizations. The composed nature of these devices and systems makes them difficult to secure effectively against malware and other threats, placing manufacturers, service providers, and end users at risk.

“The seed of the problem is that everything is interconnected nowadays,” said NIST’s Jon Boyens, one of the draft report’s authors. “Products are very sophisticated, and with our globalized economy, companies often outsource the tasks of developing components and code to other companies, involving multiple tiers of suppliers.”

Vulnerabilities in the cyber supply chain involve not only microchips and their internal code, but also the support software for a device and the other companies that have access to its components. Put them all together, and it can be a daunting task to anticipate every systemic weakness that an adversary might exploit.

The NIST report is a high-level document intended to be easily understood and applied in managing these risks. Its core is a 27-page section outlining eight key practices that have proved to be useful, from establishing a formal risk management program to collaborating closely with key suppliers. Each key practice is accompanied by a set of recommendations, and because each organization will have its own specific needs, the authors also include guidance on how to apply these recommendations.

Acknowledging that companies in different economic sectors might manage supply chain risk differently, the authors also offer a set of 24 case studies in risk management that feature a variety of businesses from aerospace and IT manufacturers to consumer goods companies.

Following public comments, NIST will release a final version in spring 2020.