The supply chain news on our radar this month: defective parts, a costly ransomware attack, and a win for the F-35 engine
The BlueVoyant Government Solutions team is constantly reading (and listening) to the latest news and insights on supply chain risk management in the U.S. Department of Defense (DoD) and broader Defense Industrial Base (DIB). Every month, we invite you to take a peek at some of the headlines that got us talking around the watercooler the most, and how we’re approaching our work in the DoD as a result.
by Ian King for Bloomberg News, 16 February 2023
- What happened: A supply chain cyber attack targeting an Applied Materials supplier cost the semiconductor technology company $250M in damages and delivery disruptions. The supplier in question, MKS Instruments Inc., was unable to process orders, ship products, and provide customer service in its vacuum and photonics divisions as a result of the breach.
- Why it matters: It’s no secret that semiconductor chips are a precious commodity for U.S. national security and economic interests. Ransomware attacks also remain a constant and common cyber threat for companies supporting critical American supply chains. While we hate a headline like this, it feels like we’ve been here before, and we should probably have the tools and processes to prevent something like this from happening again.
- Our take: We do, in fact, have the tools to get ahead of this type of ransomware attack – or, at the very least, mitigate it before it turns into a larger supply chain issue. Getting ahead of cybersecurity risk requires complete digital and physical supply chain transparency, persistent monitoring of emerging vulnerabilities, and immediate coordination to remediate threats with your impacted third-party suppliers.
by James Drew for St. Louis Business Journal, 11 February 2023
- What happened: Boeing has launched a lawsuit against Raytheon following allegations that Raytheon subsidiaries supplied faulty parts to F/A-18 and F-15 fighter jets. The incident in question began in 2018 at Boeing’s St. Louis County facility, causing Boeing to incur tens of millions of dollars in mitigation costs and delaying the F/A-18 release by three months in 2019.
- Why it matters: Large companies suing each other isn’t exactly breaking news. The problem is, we’re still talking about a three-month delay that occurred four years ago. Even a seemingly momentary supply chain disruption can have a long-term impact. This is a perfect example of the ways in which these issues can drag out for years.
- Our take: Boeing and Raytheon aside, imagine how a smaller company in your supply chain might fare under a similar financial or legal battle. (Spoiler alert: probably not well.) All the more reason to take another look at the lowest tiers of your supply chain, identify criticality amongst those suppliers, engage in continuous business and cyber risk monitoring, and be prepared with alternative supplier options. You know, just in case.
by Stephen Losey for Defense News, 10 February 2023
- What happened: After facing engine troubles that halted deliveries of the F-35 Joint Strike Fighter for two months, it seems as though a solution may be available as soon as the end of February.
- Why it matters: While any delivery delay is not ideal, we also think it’s important to acknowledge and commend the DoD for working with their prime contractors and suppliers to remediate an issue as quickly as possible. In this instance, the U.S. Air Force and Pratt & Whitney worked together to identify and isolate a specific engine vibration issue, as well as conduct the necessary due diligence to release a suitable and safe solution within months.
- Our take: For every unexpected supply chain disruption, we could only hope that the response is just as swift. Even more importantly, both parties have already taken proactive steps to require additional testing practices and prevent similar disruptions from happening again. That’s the energy we like when it comes to efficacy, transparency, and continuous improvement in supply chain risk management.
Episode #21 of Building the Base Podcast, 8 February 2023
- What was discussed: The big topic of discussion in this episode was China, and the ways in which they may be out-investing and out-innovating the United States. New research indicates that China’s defense innovation cycles may be five times faster than what we are seeing in the U.S. military, but Frank warns that we can’t skip over critical foreign risk assessments in our desire to move just as quickly.
- Why it matters: A comprehensive analysis of foreign ownership, influence and control (FOCI) requires diving into the details beneath the surface – who they are, who advises them, who they do business with, where they’re doing business, why they’re doing business there, and all of the business and cyber risks that might pose.
- Our take: Cue the ‘yeah, isn’t that obvious and covering the basics?’ comments, and they’re not wrong. But unfortunately, FOCI is an area where we see a lot of DoD programs typically left wanting for more. Getting ahead of foreign influence threats and protecting mission-critical government investments is something we are fully on board with — and already engaged in at every stage of the acquisition lifecycle.
by Edward Graham for Defense One, 22 February 2023
- What happened: The Pentagon’s Office of Inspector General (IG) recently conducted an audit to determine whether five DoD cloud systems using three different commercial cloud service offerings (CSOs) were in compliance with federal and DoD security requirements. Well, the results are in, and it’s not looking great. According to the IG, the five agency component authorizing officials (AOs) didn’t follow requirements for assessing CSO risk when granting access, as well as reassessing risk for authorizations and continuous monitoring activities.
- Why it matters: This wouldn’t be alarming, except for the fact that the role of AOs is to grant system-level authorization to operate (ATO) in accordance with requirements that aim to reduce cybersecurity risk. When the DoD has gone all in on commercial CSOs, insufficient review processes leave the agency exposed and vulnerable to cyber threats.
- Our take: Not all hope is lost. The IG report recommended that the respective AOs reevaluate the ATOs for the five cloud systems in order to determine the most salient cybersecurity requirements. Understanding that a strong cyber internal defense starts with external third-party systems is truly validating to our own work in the DoD. But seriously… @DoD, call us.
More February headlines not to miss:
Want to tune into our next huddle instead? Every month, the BlueVoyant Government Solutions team huddles up live to discuss the latest supply chain risk events impacting the U.S. Department of Defense and Defense Industrial Base. Subscribe here to get on the list and receive the next huddle recording as soon as it drops.
QA Tester | Manual Testing Specialist Web And Mobile Testing
8 months ago
Download Forrester's Total Economic Impact™ of the SecurityScorecard Platform to find out the real benefits their customers are experiencing every day. This is a great product to turbo-charge your Third Party Risk Management or Board Reporting in cyber. https://securityscorecard.com/resources/analyst-reports/the-total-economic-impact-of-the-securityscorecard-platform/
Defense Tech Solutions. Podcast Host. Investor. Advisor. Board Member. Father. Husband. Philanthropist.
2 years ago
Cassidy Chiasson great read! Thank you for putting this together.