Organizations across all industries are at risk for attacks and threats from malicious actors. Supply chains are especially vulnerable due to their dependence on a range of software, hardware, outside vendors, equipment, and technology.
As part of Cyburgh 2021, a panel of experts discussed strategies to secure entire supply chains when it comes to cybersecurity. From overcoming employee apathy and working with outside vendors to gaining management and board buy-in, it is possible to foster a comprehensive culture of security throughout an organization.
- Christopher Fry, CISSP, Cybersecurity Program Manager, Compunetix, Inc.
- Shari Gribbin, Advisory Solutions Partner with Arch Access Control, CNK Solutions
- Richard Platts, CETL, Director of Technology and Innovation, North Allegheny School District
- Mark Vescovi, CIO, Liberty Tire Recycling
Moderator: David Kane, CEO, Ethical Intruder
Christopher Fry, CISSP, Compunetix Cybersecurity Manager, discussed how cybersecurity in supply chain management has evolved over the years. Compunetix procures the highest percentage of electronic goods in Western, Pennsylvania. Lead times on electronic parts have changed from days and weeks to months, some taking as long as a year. These extended lead times have created a market for counterfeit parts, which pose a multitude of problems for production. To mitigate this risk, Compunetix partnered with the Government-Industry Data Exchange Program (GIDEP) and other organization to ensure genuine sources and parts. Additionally, Compunetix uses industrial automated equipment for manufacturing processes. Many equipment manufacturers want to use remote diagnostic tools for service, which can lead to vulnerabilities such as ransomware. To mitigate this risk, organizations can practice segmentation while separating manufacturing from the corporate environment.
Christopher Fry and the other panelists go on to discuss getting leadership cooperation, infrastructure vulnerabilities, best practices, and more. To watch the panel discussion, click here. The entire set of Cyburgh 2021 sessions are available on the Pittsburgh Technology Council’s YouTube Channel.