A New Tool for Supply Chain Risk Analysis.
COVID19 is causing people in industry and government to take a hard look as the subject of Supply Chain Management Risk.
The National Institute of Standards and Technology (NIST) has developed a supply chain risk tool that could help people evaluate and quantify those risks. It is called the Cyber Supply Chain Risk Management (C-SCRM) Interdependency Tool.
The 3/14/20 online issue of the publication Government Technology & Services Coalition (GTSC’s) Homeland Security Today included this article:
https://www.hstoday.us/industry/nist-seeks-to-mitigate-supply-chain-risk-as-covid-19-impacts-industry/ NIST Seeks to Mitigate Supply Chain Risk, as COVID-19 Impacts Industry
Here are Excerpts from the Article:
“Supply chain risk is something the security community has been concerned about for some time. Companies and industries have been guilty of ignoring the risk or using ineffective safeguards. But the COVID-19 pandemic has exposed the vulnerabilities of organizations – particularly those with a dependence on China – and made them consider rethinking and transforming their supply chain model.”
“To help address supply chain risk, the National Institute of Standards and Technology (NIST) has developed a prototype tool developed to show a possible solution for filling the gap between an organization’s risk appetite and supply chain risk posture by providing a basic measurement of the potential impact of a cyber supply chain event.”
“Evaluating the impacts of a supply chain-related cyber event can be a difficult activity, especially for those organizations with complex operational environments and supply chains. A publicly available solution to support supply chain risk analysis that specifically takes into account the potential impact of an event does not currently exist. NIST’s tool has therefore been developed to help federal agencies identify and assess the potential impact of cybersecurity events in their interconnected supply chains.”
“NIST is seeking comments related to additional functionality or other aspects of the tool which may be used to develop future versions of the software. Comments should be addressed to scrm-nist@nist.gov by April 17, 2020.
Read the draft publication at NIST”
Conclusion
There are a lot of ways we in the U.S. can help each other through this. You can help by giving to NIST any feedback that you think will help improve the tool.
Michael Oswald
Please note: the above post contains educational information. It is not intended as legal advice. Engage an attorney who is licensed in your state to get advice on dealing with any specific legal issue.
© 2020 Michael S. Oswald
Michael S Oswald, Chartered 