The new federal council tasked with addressing supply chain security will hold its first meeting before the end of the month as officials look to implement a more scalable approach to barring certain companies from doing business with U.S. government rather than issuing individual directives, a top cyber security official said Thursday.
Grant Schneider, the federal chief information security officer, told attendees at a McAfee conference the new Federal Acquisition Security Council is able to leverage classified information to speed up the process of determining the information technology products that present a cyber risk to federal networks.
“The council is going to establish and then implement a set of criterias for making recommendations on equipment, services, products or companies that we shouldn’t allow to do business with the federal government,” Schneider said.
Schneider noted the Department of Homeland Security’s decision to ban Russian software company Kaspersky‘s products and a directive in the most recent defense authorization bill to prohibit the government from doing business with China’s Huawei and ZTE, while adding the current process of individually singling out companies may take too long secure the supply chain.
“Those are good approaches to get at one-off solutions. However, in my mind, they’re really ‘whack-a-mole’ solutions to a challenge that we need a far more systemic approach to,” Schneider said.
Schneider leads the new council, which was established by the Secure Technologies Act passed in December, which has the authority to recommend supply chain security measures to the DHS, DoD and the intelligence community for more sweeping directives.
Officials on the council will also be able to leverage classified information rather than open-source information, which Schneider said will allow for better informed supply chain decisions.
“If we had written a binding operational directive on Kaspersky using classified information we might have done it several years ago as opposed to one year ago,” Schneider said.