Automation the key to Biden software supply chain demands
US cybersecurity agencies will struggle to meet Whitehouse demands to improve the security and integrity of the software supply chain, a leading cybersecurity agency has warned.
On Thursday, the White House shared a memo requiring agencies to comply with guidance from the Office of Management and Budget (OMB)
The new guidance requires agencies to follow secure development practices from the National Institute of Standards and Technology (NIST), a physical sciences laboratory and non-regulatory agency of the US Department of Commerce.
The memo, signed by OMB Director Shalanda Young, is headlined ‘Enhancing the Security of the Software Supply Chain through Secure Software Development Practices’.
Tom Kennedy is VP of Axonius Federal Systems, which helps federal government agencies safeguard mission objectives by strengthening IT asset identification and management.
Automation needed if OMB demands are to be met
Kennedy says that without digital automation, many will struggle to meet the OMB’s demands.
He said: "Having a comprehensive and accurate inventory of all assets, from software to devices to users, is foundational to the success of any cybersecurity program. But it's not easy to create or maintain. In fact, it takes roughly 86 person hours, on average, to generate an asset inventory, and it usually requires a combination of eight to 10 tools to complete.
“With federal IT and security teams already strapped for time and resources, the manual processes often used for this type of task won't suffice. Information is often siloed across numerous tools, and most of the time, CMDB information is out-of-date and unreliable.”
He added: “For agencies to meet the inventory deadline given by the White House, they have to shift toward a more programmatic process that automates data collection and correlation.
“It must remove the taxing resource commitment and be continuously run for real-time results. Otherwise, inventories will remain static and disadvantageous to protecting our nation."