惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
GbyAI
GbyAI
SecWiki News
SecWiki News
Project Zero
Project Zero
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy International News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
A
Arctic Wolf
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy & Cybersecurity Law Blog
Apple Machine Learning Research
Apple Machine Learning Research
T
Tailwind CSS Blog
The Hacker News
The Hacker News
T
Tenable Blog
雷峰网
雷峰网
有赞技术团队
有赞技术团队
V
V2EX
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
T
Threatpost
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
Application and Cybersecurity Blog
Application and Cybersecurity Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
月光博客
月光博客
Spread Privacy
Spread Privacy
S
Secure Thoughts
宝玉的分享
宝玉的分享
博客园 - 三生石上(FineUI控件)
Forbes - Security
Forbes - Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
The Last Watchdog
The Last Watchdog
Y
Y Combinator Blog
I
Intezer
博客园 - 【当耐特】
B
Blog RSS Feed
Attack and Defense Labs
Attack and Defense Labs
I
InfoQ
博客园 - 叶小钗
Cyberwarzone
Cyberwarzone
V2EX - 技术
V2EX - 技术
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
H
Help Net Security
C
CERT Recently Published Vulnerability Notes

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government Stack Strategically: Rearchitecting Government for What’s Next
Strategies for Securing the Federal Supply Chain
MeriTalk Sta · 2025-03-31 · via MeriTalk

By Julie McCabe, Territory Account Manager, Panasonic Connect

Cybersecurity threats to the United States government from a range of bad actors are escalating. In 2023 alone, the federal government reported more than 32,000 cybersecurity incidents – a five percent increase from the previous year.

These attacks are not only growing in volume but also in sophistication, making robust cybersecurity measures more critical than ever. Supply chain security is an important part of the cybersecurity protection process.

To address these challenges and threats, the Office of Management and Budget (OMB) has set several ambitious goals through its Zero Trust Strategy memorandum. Federal agencies are expected to meet stringent cybersecurity standards, encompassing asset inventories, phishing-resistant multi-factor authentication, and enhanced data security.

Achieving these objectives will require government leaders to adopt a proactive and comprehensive change management and adaptation approach. Adopting a zero trust approach means requiring authentication and validation from the top down. Governmental entities, suppliers, and end users all need to verify their devices and prove their identities to help prevent cyberattacks and espionage.

Building Secure Supply Chains

One key priority for federal agencies is establishing secure supply chains for hardware and software. While bad actors – state-sponsored or otherwise – pose significant risks, people within the supply chain are often the first line of defense and the biggest potential vulnerability. Simple mistakes, such as mishandling sensitive devices or inadvertently exposing systems to malware, can compromise the entire chain.

To mitigate these risks, integrating security into supply chain planning is essential. Teams must be able to quickly identify and mitigate risks, ensuring that devices and systems are safeguarded against tampering and other threats.

Adopting Zero Trust Principles

Central to the OMB’s strategy is the adoption of a zero trust cybersecurity framework. This approach operates on the principle of “never trust, always verify,” requiring constant validation of all users and devices before granting access to resources.

As Alper Kerman from the National Institute of Standards and Technology explains:

“You could be working from an enterprise-owned network, a coffee shop, home or anywhere in the world, accessing resources spread across many boundaries, from on-premises to multiple cloud environments. Regardless of your network location, a zero trust approach to cybersecurity will always respond with, ‘I have zero trust in you! I need to verify you first before I can trust you and grant access to the resource you want.’ Hence, ‘never trust, always verify’ — for every access request.”

Zero trust is not a standalone initiative. It exists as just one part of a broader compliance ecosystem that also includes other frameworks such as the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) and the NSA’s Commercial Solutions for Classified (CSfC) program.

Federal agencies must ensure devices are secure, supply chains are and stay tamper-free, and that a secure chain of custody exists for maintenance and repairs.

Planning for Real-World Scenarios

Government IT leaders must also plan and account for potential security breaches, many of which can stem from human error. Several examples include an employee accidentally leaving a work laptop at a public location such as a coffee shop, a computer with sensitive information being stolen during shipping for repairs, or a bad actor physically stealing a smartphone or tablet.

A strong zero trust strategy anticipates these scenarios and integrates solutions to minimize risks and reduce the likelihood of supply chain compromise.

For agencies managing remote or hybrid workforces, these challenges multiply rapidly. Employees often use various devices, including laptops and smartphones, in a range of different locations. To address these complexities, IT teams should prioritize technology solutions with features like:

Hardware-based encryption: Protect sensitive data while maintaining device performance. This enables secure access to encrypted drives even when moved between devices.

Multiple authentication options: Contactless and insertable smartcard readers, fingerprint scanners, and other technologies provide flexibility and security.

Asset tracking software: Helps agencies monitor device usage and respond swiftly to lost or stolen equipment.

A Path Forward

As highlighted by the OMB’s Zero Trust Strategy memorandum, protecting federal systems is a top priority. By embracing a zero trust framework and securing supply chains, technology leaders at agencies can stay ahead of increasingly sophisticated threats, ensuring sensitive data and systems remain secure while adapting to evolving challenges.

In the fight against cyber threats, a robust zero trust strategy is not just an option – it is a necessity. Zero trust and adoption of strategies like hardware-based encryption, multiple authentication options, asset tracking software, and stringent authentication protocols go a long way in increasing governmental cybersecurity. Whether a device is being sent in for repairs or being used in a hybrid workspace for the first time, smart planning and authentication helps users and helps their organizations.