MITRE – Supply Chain Security Framework
Supply chains are integral to the continuing success of the global economy and are responsible for the distribution of essential products and services to the population of the U.S. and its global allies. It’s no wonder that cyber criminals see supply chains as a lucrative business opportunity. Over the past two years we’ve seen supply chain attacks take center stage, with high-profile attacks on major organizations including SolarWinds and the Colonial Pipeline. Due to the pressure exerted on these supply chains, security organizations have taken steps to secure this vulnerable industry. One prominent example is a new framework developed by MITRE, a not-for-profit security organization, that tackles the issue of supply chain security head on.
MITRE SoT Framework
MITRE has developed a “System of Trust” framework that seeks to establish a standardized methodology to evaluate and secure suppliers, supplies, and service providers. One of the more interesting features of this framework is that it can be used across the organization and isn’t exclusive to IT or cybersecurity teams. The hope is that, whether in the financial, marketing, or IT division, suppliers can implement controls and evaluate the security of suppliers and products. Robert Martin, the senior software and supply chain assurance principal at MITRE Labs, explains that “An accountant, a lawyer, or an operations manager could understand this structure at the top level.” This allows a greater sense of connectivity between certain divisions in an organization that, according to Martin, “don’t get connected right now.” At the current stage, the SoT framework contains 12 risk areas that encompass a wide range of areas within an organization. Frameworks like these are especially important for businesses within the manufacturing industry, as new regulations and compliance frameworks are increasingly required for organizations seeking to do business with the DIB or the U.S. government in general. MITRE’s SoT framework should provide helpful insight on how manufacturers can better prepare and implement controls to become compliant in the future.
Fortunately, suppliers will not have to wait long to hear more details regarding this framework, as Martin is expected to debut the System of Trust at the RSA Conference next month in San Francisco. Overall, the System of Trust framework, alongside other frameworks developed by MITRE, seeks to standardize and provide consistency across the supply chain and better secure organizations from sophisticated and ever-evolving cyber attacks in the global landscape.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.