NewsBrief April 24, 2020

Analytics, Risk and Managing the 21st Century Supply Chain

(Knowledge at Wharton) The business of moving goods from their point of origin to their destination anywhere on Earth is no small task, and the risks seem to be growing. As the COVID-19 pandemic is making painfully clear, in this time of crisis, several challenges are associated with providing caregivers with basic tools and remedies, which we all take for granted. Hospitals and health centers around the world are struggling to keep pace with the surge in demand for test kits, basic medical supplies, personal protective equipment and life-saving drugs in an effort to satisfy existing demand and prepare for the expected increase in cases in the coming weeks and months related to the coronavirus outbreak. It is certainly difficult to predict when, where and how these outbreaks may occur and spread. Read More

We Need Mission-focused Risk Management Programs to Adapt to Changing Circumstances

(Nextgov) There are countless lessons we will learn from the ongoing COVID-19 pandemic, the value of a risk management program being just one. To have an effective risk management program, security and compliance teams should continuously analyze the people, processes and technologies identified as mission- and business-essential during a crisis; and ensure this information is reflected in each system security plan. It is also essential to expand or create an integrated risk management program that is separate from (but complementary to) a compliance program, and adaptable to changes in circumstance. Read More

Tech groups push for IT modernization funding in future stimulus packages

(fedscoop) group of technology trade associations urged lawmakers to fund information technology modernization aimed at coronavirus response, telework and cybersecurity gaps through stimulus legislation in a recent letter sent to congressional leadership. The Information Technology Industry Council, Alliance for Digital Innovation, Computing Technology Industry Association, Center for Procurement Advocacy, Internet Association, and Cybersecurity Coalition signed the letter. They also wrote the Office of Management and Budget for support. Included in both letters are four principles addressing “critical” IT gaps in need of funding in either the Coronavirus Aid, Relief, and Economic Security (CARES) Act or future stimulus packages. Read More

The Pentagon’s Cybersecurity Certification Plan Includes Continuously Monitoring Contractors

(Nextgov) The accreditation body overseeing the Defense Department’s Cybersecurity Maturity Model Certification program—the CMMC-AB—issued a request for proposal that provides insight into how the group plans to keep track of contractors outside of conducting physical audits. The CMMC will end the DOD’s practice of allowing contractors to “self-certify” their cybersecurity practices. Before the end of the year, the department intends to require companies doing business with the DOD to gain a certificate from third-party auditors that will be valid for up to three years. “As part of the CMMC-AB’s efforts to mitigate risks posed to the country through sharing of sensitive information with DOD supply chain partners, a continuous monitoring solution will help fill in the gaps between assessments scheduled for once every three years,” the RFP reads. “The CMMC-AB is issuing this request for proposal to help us identify appropriate partners in our continuous monitoring solution.” Read More

Pentagon bracing for three-month slowdown on major defense equipment

(DefenseNews) WASHINGTON — The U.S. Defense Department expects to see a three-month delay across the majority of its Major Defense Acquisition Program portfolio as the result of workforce and supply chain issues caused by the coronavirus pandemic. “We believe there will be a three-month impact that we can see right now. So we’re looking at schedule delays and inefficiencies and so forth. That isn’t a particular program, that’s MDAPs in general,” Ellen Lord, the Pentagon’s top acquisition official, told reporters Monday. “And we are just now looking at key milestones that might be impacted.” Read More

State Dept. intel ‘doing more outside of the SCIF’ with open-source data

(Federal News Network) Before coronavirus pandemic, parts of the intelligence community were already preparing to deal with another major disruption to the way it does business: The rise of emerging technology. In response to the immediate threat from the coronavirus, Ellen McCarthy, the assistant secretary for the State Department’s Bureau of Intelligence and Research, said Wednesday that her organization continues with the work of gathering sensitive geopolitical information for the agency’s diplomats. “We were prepared, we had a plan for moving analysts out of our spaces. Those analysts who are still working in our spaces are safe, and as a result, we’ve been doing a tremendous job in terms of supporting the secretary and supporting the rest of State,” McCarthy said during a webinar hosted by the Intelligence National Security Alliance. Read More

Coronavirus: Industrial IoT in challenging times

(McKinsey & Company) Industrial companies expected 2020 to bring economic pressure from ongoing trade disputes, the aftermath of Brexit, automotive-industry challenges, and slowing demand in China. But none anticipated that the COVID-19 pandemic would throw the global economy, and their own operations, into an unprecedented crisis. As the coronavirus continues to spread, governments, healthcare authorities, and business leaders are focused on preserving lives and containing the pandemic. In parallel, they want to lessen the humanitarian toll by protecting the livelihoods of millions of workers who are now furloughed, unemployed, or in danger of losing their jobs. Read More