U.S. Launches Initiative For Procurement Cybersecurity
Recent cyberattacks on Target, Neiman Marcus, and others have emphasized the importance of cybersecurity. These types of breeches have occurred in many different ways, including through POS (point of sale) transactions, disabled antivirus/antimalware agents, and social engineering with phishing emails. Attackers constantly seek new vulnerabilities to exploit.
In light of criminal cyberactivity, the U.S. government has launched an initiative designed to protect the supply chain of both civilian and military agencies from potential cyberattacks, which will be especially important in the e-commerce procurement process. The agencies involved with creating the plan, the General Services Administration (GSA) and the Department of Defense (DoD), have issued a report with recommendations to implement a “repeatable, scalable process for addressing cyber-risk in federal acquisitions based on the risk inherent to the product or service being purchased.”
The following four recommendations were released in a report by the GSA and DoD:
- Institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions
- Include cybersecurity in acquisition training
- Develop common cybersecurity definitions for federal acquisitions
- Increase government accountability for cyber-risk management
Industry executives have been invited to comment on the plan and have suggested adding the use of a tiered “trusted supplier” chain, improving IT acquisition to make an often highly expensive and multiyear process simpler, more efficient, and quicker. They also suggest maintaining efficient acquisition through adequate workforce training across the federal government, ensuring that there is a common understanding of key cybersecurity terms, and using risk management strategies based on an industry standard.
“Both GSA and DoD have done a very good job of collaborating with the vendor community and seeking feedback,” Pam Walker, senior director for homeland security at ITIC, told the E-Commerce Times. “Their staffs have talked to industry representatives on a regular basis.”