Automation the key to Biden software supply chain demands

Cyber agency Axonius says automation 'crucial' if agencies are to meet White House demands to tighten the security of the software supply chain

US cybersecurity agencies will struggle to meet White House demands to improve the security and integrity of the software supply chain, a leading cybersecurity agency has warned.

On Thursday, the White House shared a memo requiring agencies to comply with guidance from the Office of Management and Budget (OMB).

The new guidance requires agencies to follow secure development practices from the National Institute of Standards and Technology (NIST), a physical sciences laboratory and non-regulatory agency of the US Department of Commerce.

The memo, signed by OMB Director Shalanda Young, is headlined ‘Enhancing the Security of the Software Supply Chain through Secure Software Development Practices’.

Tom Kennedy is VP of Axonius Federal Systems, which helps federal government agencies safeguard mission objectives by strengthening IT asset identification and management.

Automation needed if OMB demands are to be met

Kennedy says that without digital automation, many will struggle to meet the OMB’s demands.

He said: “Having a comprehensive and accurate inventory of all assets, from software to devices to users, is foundational to the success of any cybersecurity program. But it's not easy to create or maintain. In fact, it takes roughly 86 person hours, on average, to generate an asset inventory, and it usually requires a combination of eight to 10 tools to complete.

“With federal IT and security teams already strapped for time and resources, the manual processes often used for this type of task won't suffice. Information is often siloed across numerous tools, and most of the time, CMDB information is out-of-date and unreliable.” 

He added: “For agencies to meet the inventory deadline given by the White House, they have to shift toward a more programmatic process that automates data collection and correlation. 

“It must remove the taxing resource commitment and be continuously run for real-time results. Otherwise, inventories will remain static and disadvantageous to protecting our nation.”
