Supply Chain

The global information technology supply chain is being hit with a growing and unprecedented number of attacks, as adversaries compromise hardware, software and service providers to plant malware in downstream systems and then steal, tamper with or hold for ransom the sensitive information those systems hold.

Federal executives learned how complex supply chain security is in 2017, when agencies tried to carry out the Department of Homeland Security’s Binding Operational Directive 17-01 ordering Kaspersky anti-virus software removed from federal computers and networks. The product was labeled a risk because of the company’s ties to Russia, but the authority to force its removal was not clearly laid out in existing policy. To remedy that, Congress passed the SECURE Technology Act of 2018, which established the Federal Acquisition Security Council (FASC), now being stood up, and the Government Accountability Office has issued recommendations for how agencies should manage supply chain risk.

The supply chain has many layers and components, and simple fixes are rare. Vulnerabilities can be exploited in both software and hardware, and with firmware and software-defined networking it can be difficult to draw the line between where software ends and hardware begins.

In this workshop, we discussed the current threat landscape, the solutions being used and tested and what management plans and processes are available.

Attendees came away with an improved ability to:

  • Assess supply chain vulnerabilities in their systems and networks
  • Understand how the different security assessments and requirements interact
  • Understand the role the Federal Acquisition Security Council will play
  • Apply best practices for Supply Chain Risk Management (SCRM)

Speakers

Keith Nakasone

Deputy Assistant Commissioner, Acquisition
Office of Information Technology Category
Federal Acquisition Service

General Services Administration

Mr. Keith Nakasone is the Deputy Assistant Commissioner, Acquisition Management, within the Office of Information Technology Category (ITC) in GSA’s Federal Acquisition Service (FAS). The Federal Acquisition Service provides buying platforms and acquisition services to Federal, State and Local governments for a broad range of items from office supplies to motor vehicles to information technology and telecommunications products and services. As an organization within FAS, ITC provides access to a wide range of commercial and custom IT products, services and solutions.

Acquisition Management provides oversight of strategy development, internal training for the acquisition workforce, and system support for executing ITC’s acquisition, some of the largest in government, such as Schedule 70, IT Governmentwide Acquisition Contracts (GWACs) and Telecommunications contracts such as Networx and Enterprise Infrastructure Solutions (EIS). Additionally, the office establishes training and development programs to ensure a trained, engaged, innovative, and forward-thinking acquisition workforce.

Mr. Nakasone began his civil service career in 1989, specializing in procurement with an emphasis on telecommunications and IT services, hardware and software. Prior to joining ITC, he served as Senior Procurement Executive at the FCC, overseeing acquisitions and procurements and the Contracting Officer and Contracting Officer’s Representative certification programs, and was responsible for the agency’s small business goals. His almost 30 years of work experience include:

  • Technical Director/JELA Program Manager, Procurement Directorate, DISA HQ
  • Deputy, Strategic Planning, Analysis, and Governance Division, DISA HQ
  • Agile Implementation Manager, DoD/VA Interagency Program Office (IPO)
  • Chief, Hawaii Procurement Division and the Deputy for the Defense Information Technology Contracting Organization-Pacific (DITCO-PAC)
  • Chief, Hawaii Product and Services Branch, DITCO-PAC

His education includes a Master of Science in National Resource Strategy from the National Defense University’s Industrial College of the Armed Forces, Ft. McNair, Washington, D.C., and a Bachelor of Science in Business Administration, with Distinction, Cum Laude, from Hawaii Pacific University, Honolulu, HI. He currently holds certifications as a Change Agent (Implementation Management Associate); Scrum Master (CSM, Winnow Management); Level III Certified in the Acquisition Career Field of Contracting; a Certificate of Completion from the Defense Senior Leadership Development Program (DSLDP); a Senior Acquisition Certificate from the National Defense University, Industrial College of the Armed Forces; and an Executive Leadership Training Certificate from George Washington University.

Alex Whitworth*

Director of Supply Chain Management

Carahsoft

*Providing Session Opening Remarks

Alex Whitworth is an IT executive with more than 11 years of experience in all aspects of public sector sales, marketing and channel development. As a Director at Carahsoft Technology Corp., he manages several sales teams, providing leadership and insight into the public sector IT marketplace. His teams play a major role in supporting the government’s evolving cybersecurity demands, with a particular focus on helping agencies adopt zero trust. In addition, he leads Carahsoft’s corporate strategic efforts to help agencies meet Supply Chain Risk Management objectives and to help organizations achieve compliance with the DoD’s CMMC initiative.

As the trusted government IT solutions provider, Carahsoft serves as the largest government distributor for Microsoft, RSA, Forescout, IronNet, and Eclypsium among others. The company also drives value for an extensive ecosystem of resellers, system integrators, and consulting partners serving the government, education and healthcare markets.

John Loucaides

VP, R&D

Eclypsium

John Loucaides is Vice President, Federal at firmware security company Eclypsium.

Erik Ekwurzel

Chief Technology Officer

Dun & Bradstreet

Erik Ekwurzel is the Chief Technology Officer of Dun & Bradstreet Government Solutions. Erik is responsible for all aspects of the technology and services Dun & Bradstreet provides to ensure secure, compliant data and analytics solutions for the Government. He oversees the development and implementation of government solutions, including complex implementations for Dun & Bradstreet’s largest government customers such as GSA, FDA, SBA, TSA, DHS, DoD and Intel. Earlier in his career at Dun & Bradstreet, Erik designed, implemented and managed products for the company’s global customer base. He joined Dun & Bradstreet in 2001 when it acquired an internet data distribution startup, where he led a professional services team responsible for a multimillion-dollar portfolio. Erik attended Columbia College and the University of Pittsburgh and holds a BA in Philosophy of Science.

Dan Carayiannis

Public Sector Director

RSA Archer

Dan Carayiannis currently serves as RSA Archer’s Public Sector Director. With a career spanning over 30 years, Mr. Carayiannis has held several executive leadership positions with information technology, IT security, geospatial and services companies serving government and commercial enterprise customers. He has been with RSA Archer for 12 years and is responsible for Archer’s go-to-market initiatives in the federal, state, local and international public sector marketplace. His responsibilities include leading RSA Archer’s public sector initiatives, defining future Archer solution requirements for the public sector, and supporting Archer’s commercial market initiatives involving federal regulations and directives. Mr. Carayiannis holds a BBA from James Madison University and an MBA from Marymount University, and was awarded a Duke University Executive Development Program certificate. He has spoken at a wide range of industry conferences on RSA Archer’s behalf, is an active member of several industry associations, and has served on business and university advisory boards.

Ann S. Johnson

Corporate Vice President of Security, Compliance & Identity (SCI) Business Development

Microsoft

As Corporate Vice President of Security, Compliance & Identity (SCI) Business Development at Microsoft, Ann Johnson oversees the long-term investment and partnership strategies for security, compliance, and identity for one of the largest tech companies on our planet.

Driving the evolution and implementation of Microsoft’s short and long-term security investment and strategic partner roadmap, she has become a recognized thought leader on cybersecurity and a sought-after global speaker and digital author specializing in cyber resilience, online fraud, cyberattacks, compliance and emerging security.

From the way the tech industry is tackling cyber threats to the language it uses to communicate, Ann is challenging traditional schools of thought - traditional cyber-norms - and encouraging the industry to get outside its comfort zones and expand how we address the evolving threat landscape by combining technology and the power of people. As a global cybersecurity influencer and strategist who regularly engages with C-level decision makers, she is looking past the pandemic at how today’s cybersecurity investments will impact tomorrow’s cybersecurity reality.

Prior to joining Microsoft, her executive leadership roles included CEO of Boundless Spatial, President and COO of vulnerability management pioneer Qualys, Inc. and Vice President of World Wide Identity and Fraud Sales at RSA Security, a subsidiary of EMC Corporation. She holds a Bachelor of Science from Weber State University with a dual major in political science and communication. She has completed the majority of the required coursework toward her MBA with a concentration in statistics.

Dedicated to giving back to her community, Ann currently serves on the boards and as a board advisor of the Security Advisor Alliance, the Financial Services Information Sharing and Analysis Center (FS-ISAC), Executive Women’s Forum, HYPR (a biometric security firm) as well as the Executive Sponsor of the Microsoft Women in Security Group and co-executive sponsor of Microsoft GLEAM. In addition, she dedicates her philanthropy - in terms of time and fundraising - to animal and youth causes. She is also the host of Afternoon Cyber Tea with Ann Johnson, a weekly cybersecurity podcast series where she talks with some of the biggest cyber influencers in the industry.

Brad Berkey

Global Business Strategy

Microsoft

Brad is responsible for leading business strategy for emerging markets and industries. In this role Brad works across Microsoft’s Engineering disciplines developing customer engagement and partner strategies.

Prior to moving to engineering, Brad was responsible for Microsoft’s World Wide SAP COE organization. In this role he managed the WW SAP sales organization and the GTM and partner teams, engaging Microsoft’s top customers, partners and field sales leadership around Microsoft’s SAP business. In addition, Brad was the Executive Sales Sponsor from Microsoft to SAP and was responsible for the Americas SAP Center of Excellence, where he led complex sales engagements.

Before joining Microsoft, Brad spent 8 years at SAP in various roles, including Sr. Director of SAP Global Alliances, where he was responsible for the Intel, Microsoft and Hewlett Packard partnerships. Brad has also held leadership roles including VP of Channel Sales/Consulting at Arzoon and Senior Director of Emerging Markets at Oracle.

Brad also spent 6 years working for the Federal Government at UCLLNL as an engineer and has over 30 years in the Technology sector.

Today Brad resides in Sacramento CA, with his wife and 2 children.

Allan Friedman, PhD

Director of Cybersecurity Initiatives, National Telecommunications and Information Administration

Department of Commerce

Allan Friedman is Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA's multi-stakeholder processes on cybersecurity, focusing on addressing vulnerabilities in IoT and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted cybersecurity and tech policy scholar at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. He is the co-author of the popular text 'Cybersecurity and Cyberwar: What Everyone Needs to Know,' has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University, and is quite friendly for a failed professor-turned-technocrat.

Jon Boyens

Deputy Chief, Computer Security Division

National Institute of Standards and Technology

Jon Boyens is the Deputy Chief of the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His responsibilities include Cybersecurity Research and Development at NIST and Cybersecurity Standards and Guidelines for Federal Agency Security Programs. He also leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program, helps develop and coordinate the Department of Commerce's cybersecurity policy among the Department’s bureaus, and represents the Department in the Administration’s interagency cybersecurity policy process. Boyens has worked on various White House-led initiatives, including those on trusted identities, botnets, the Cybersecurity Framework and Roadmap, telecommunications supply chain and, more recently, government-wide implementation of the Federal Acquisition Supply Chain Security Act.

Since 2010, Boyens has conducted research to identify, evaluate and develop technologies, tools, techniques, practices, and standards needed to enable organizations to manage supply chain risk. Building on this research, he led a team to develop and issue a set of foundational, standardized, repeatable, and feasible practices to help organizations manage cyber supply chain risks to their organizations and systems. These practices were released in 2015 as NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Continuing on this line, Boyens has since released research and findings on criticality analysis, industry key practices for Cyber SCRM, supplier interdependency and impact analysis, and is currently in the process of updating SP 800-161.

Bob Kolasky

Assistant Director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency

Department of Homeland Security

Bob Kolasky was selected to lead the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) in 2018, at the Department of Homeland Security (DHS). As Director, he oversees the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. The Center provides a central venue for government and industry to combine their knowledge and capabilities in a uniquely collaborative and forward-looking environment. Center activities support both operational and strategic unified risk management efforts.

Mr. Kolasky’s current position is the culmination of years of risk and resilience experience. He most recently served as the Deputy Assistant Secretary and Acting Assistant Secretary for NPPD’s Office of Infrastructure Protection (IP), before it became the CISA Infrastructure Security Division on November 16, 2018, where he led the coordinated national effort to reduce the risk posed by acts of terrorism and other cyber or physical threats to the nation’s critical infrastructure, including soft targets and crowded spaces.

Mr. Kolasky has served in a number of other senior leadership roles, including acting Deputy Under Secretary for NPPD before it became CISA. In that position, he helped to oversee CISA’s efforts to secure the nation’s physical and cyber infrastructure. He has also held a position as the Director of Strategy and Policy for the Infrastructure Security Division, where he led strategic planning, performance management and budgeting for the organization, and served as Director of the DHS Cyber-Physical Critical Infrastructure Integrated Task Force to implement Presidential Policy Directive 21 on Critical Infrastructure Security and Resilience, as well as Executive Order 13636 on Critical Infrastructure Cybersecurity.

He is also the former Assistant Director for the Office of Risk Management Analysis at DHS where he was responsible for developing policies and processes to enable risk-informed strategic decisions by DHS. Prior to joining DHS, he was a journalist and an entrepreneur. He helped start two of the first public policy web sites and served as the Managing Editor for IntellectualCapital.com.

Mr. Kolasky joined the Federal government in 2008 after six years as a management consultant. He graduated from Dartmouth College in 1994 and from the Harvard Kennedy School in 2002.

Mark Montgomery

Senior Advisor

Cyberspace Solarium Commission

Mark Montgomery serves as Senior Advisor to the Chairmen of the Cyberspace Solarium Commission and previously served as its Executive Director. He is also the Senior Director of the Center on Cyber and Technology Innovation and a Senior Fellow at the Foundation for Defense of Democracies. He previously served as Policy Director for the Senate Armed Services Committee under the leadership of Senator John S. McCain.

Mark completed 32 years as a nuclear trained surface warfare officer in the U.S. Navy, retiring as a Rear Admiral in 2017. He commanded the USS McCampbell (DDG 85) and Destroyer Squadron FIFTEEN. His flag officer assignments included Director of Operations (J3) at U.S. Pacific Command; Commander of Carrier Strike Group 5 embarked on the USS George Washington stationed in Japan; and Deputy Director, Plans, Policy and Strategy (J5) at U.S. European Command.

Agenda

8:30 AM

Tuesday, January 19, 2021

Welcome & Opening Remarks

8:35 AM

Tuesday, January 19, 2021

Opening Keynote | Navigating the IT Supply Chain Security Risk Journey

Keith Nakasone, Deputy Assistant Commissioner, Acquisition
Office of Information Technology Category
Federal Acquisition Service, General Services Administration

Alex Whitworth*, Director of Supply Chain Management, Carahsoft

*Providing Session Opening Remarks

Description


With renewed focus on supply chain risk management following recent events, learn how GSA will be working with agencies and the Federal Acquisition Security Council to develop a strategy and a framework that contains standards, information sharing and involvement of all the stakeholders.

9:05 AM

Tuesday, January 19, 2021

Understanding and Managing 3rd Party Risk With Visibility, Insight and Action

Dan Carayiannis, Public Sector Director, RSA Archer

9:25 AM

Tuesday, January 19, 2021

Building a Trusted ICT Supply Chain

Mark Montgomery, Senior Advisor, Cyberspace Solarium Commission

Description


Dependency on adversary countries for materials in some of our most critical supply chains threatens to undermine the trustworthiness of critical technologies and components that constitute and connect to cyberspace. This dependency also risks impairing the availability of these same critical technologies and components and compromises American and partner competitiveness in global markets in the face of Chinese economic aggression.

To address these and other challenges, the U.S. Cyberspace Solarium Commission recently released a white paper proposing a five-pillar strategy for securing trusted supply chains for critical ICTs. Solarium Commission Executive Director Mark Montgomery will discuss the Commission's proposed strategy and accompanying recommendations to develop an industrial base strategy, identify key technologies and equipment, and foster public-private partnerships for ICT supply chain risk management.

9:50 AM

Tuesday, January 19, 2021

How Microsoft is Addressing IT Supply Chain Security

Ann S. Johnson, Corporate Vice President of Security, Compliance & Identity (SCI) Business Development, Microsoft

Brad Berkey, Global Business Strategy, Microsoft

10:10 AM

Tuesday, January 19, 2021

Coffee Break

10:15 AM

Tuesday, January 19, 2021

Key Lessons for Managing Cyber Risks in the Supply Chain

Jon Boyens, Deputy Chief, Computer Security Division, National Institute of Standards and Technology

Description


A NIST executive provides guidance and a high-level overview of key practices in cyber supply chain risk management for both public and private organizations. He will also discuss how implementation is different for public and private sector organizations.

10:40 AM

Tuesday, January 19, 2021

Assuring Device Integrity in the Supply Chain and Beyond

John Loucaides, VP, R&D, Eclypsium

11:00 AM

Tuesday, January 19, 2021

Software Bill of Materials: Transparency in the Software Supply Chain

Allan Friedman, PhD, Director of Cybersecurity Initiatives, National Telecommunications and Information Administration, Department of Commerce

Description


The first step to better security in the software supply chain is understanding what we have. All modern software is built on smaller components. A "software bill of materials" (SBOM) tracks those underlying components, enabling better development, risk management, vulnerability management, and incident response. This presentation will summarize the international, cross-sector work convened by NTIA to establish the technical and operational basics of SBOMs to enable further supply chain security work.
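As an added illustration of the vulnerability-management use described above (this is example code written for this page, not NTIA's or any vendor's tooling), the script below reads an SBOM in the CycloneDX JSON layout, identifies each component by its package URL (purl), and checks it against an advisory feed whose entries give an affected version range. The SBOM contents, the package names and the HYPO-* advisory identifiers are all constructed for the example; the one deliberately incomplete component shows why the NTIA minimum elements (name, version, unique identifier) matter: without them a component cannot be matched at all.

```python
"""Minimal SBOM consumer: read a CycloneDX JSON SBOM and flag components
that fall inside the affected version range of an advisory.

Added example for this page, not NTIA's or any vendor's code. The SBOM,
the package names and the HYPO-* advisory IDs below are all constructed."""
import json
import re

# Constructed SBOM in the CycloneDX 1.4 JSON layout; the components are
# hypothetical and do not refer to real projects.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "widget-parser", "version": "1.4.2",
         "purl": "pkg:npm/widget-parser@1.4.2"},
        {"type": "library", "group": "org.example", "name": "log-util",
         "version": "3.0.2", "purl": "pkg:maven/org.example/log-util@3.0.2"},
        {"type": "library", "name": "netfetch", "version": "2.6.0",
         "purl": "pkg:pypi/netfetch@2.6.0"},
        {"type": "library", "name": "legacy-blob"},  # no version, no purl
    ],
})

# Constructed advisory feed (hypothetical IDs) in an OSV-like shape:
# a version is affected when introduced <= version < fixed.
SAMPLE_ADVISORIES = [
    {"id": "HYPO-2020-0001", "ecosystem": "npm", "name": "widget-parser",
     "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "HYPO-2020-0002", "ecosystem": "pypi", "name": "netfetch",
     "introduced": "2.0.0", "fixed": "2.6.0"},
    {"id": "HYPO-2020-0003", "ecosystem": "maven", "name": "org.example/log-util",
     "introduced": "0", "fixed": "3.1.0"},
]


def parse_version(text):
    """'3.0.2' -> (3, 0, 2). Only the leading dotted numeric part is used, so a
    pre-release tag such as '1.4.2-beta1' compares equal to '1.4.2'.
    Returns None when there is no numeric version at all."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version' into type, name and version.
    Qualifiers ('?...') and subpaths ('#...') are dropped; namespace and name
    stay joined (e.g. 'org.example/log-util') to match advisory names."""
    if not purl or not purl.startswith("pkg:"):
        return None
    body = purl[4:].split("?", 1)[0].split("#", 1)[0]
    path, sep, version = body.rpartition("@")
    if not sep:                      # no '@': everything landed in `version`
        path, version = version, ""
    segments = path.strip("/").split("/")
    if len(segments) < 2:
        return None
    return {"type": segments[0], "name": "/".join(segments[1:]), "version": version}


def load_components(sbom_json):
    """Return (ecosystem, name, version) per component, using the purl as the
    identifier when present. Missing purl -> ecosystem None; missing version
    -> version None, so the caller can report the entry as incomplete."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON SBOM")
    rows = []
    for comp in bom.get("components", []):
        ref = parse_purl(comp.get("purl"))
        if ref:
            rows.append((ref["type"], ref["name"], ref["version"] or comp.get("version")))
        else:
            name = f"{comp['group']}/{comp['name']}" if comp.get("group") else comp["name"]
            rows.append((None, name, comp.get("version")))
    return rows


def find_affected(components, advisories):
    """Match components to advisories. Returns {'affected': [(ecosystem, name,
    version, advisory id)], 'incomplete': [name]}; 'incomplete' lists entries
    that lack the identifier or version needed to do any matching."""
    affected, incomplete = [], []
    for eco, name, version in components:
        v = parse_version(version)
        if eco is None or v is None:
            incomplete.append(name)
            continue
        for adv in advisories:
            if adv["ecosystem"] != eco or adv["name"] != name:
                continue
            lo = parse_version(adv.get("introduced", "0")) or (0,)
            hi = parse_version(adv.get("fixed"))       # None means no fix yet
            if lo <= v and (hi is None or v < hi):
                affected.append((eco, name, version, adv["id"]))
    return {"affected": affected, "incomplete": incomplete}


def scan(sbom_json=SAMPLE_SBOM, advisories=SAMPLE_ADVISORIES):
    return find_affected(load_components(sbom_json), advisories)


if __name__ == "__main__":
    report = scan()
    for eco, name, version, adv_id in report["affected"]:
        print(f"AFFECTED   {eco}:{name}@{version}  ({adv_id})")
    for name in report["incomplete"]:
        print(f"INCOMPLETE {name}: no identifier/version, cannot be matched")
```

Run as-is the script reports `widget-parser@1.4.2` and `org.example/log-util@3.0.2` as affected, leaves `netfetch@2.6.0` alone because it is exactly the fixed version, and lists `legacy-blob` as unmatchable. The version handling is deliberately simple (numeric dotted versions only); a production consumer would use ecosystem-specific version semantics and a real feed such as OSV or NVD rather than the constructed list here.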

11:25 AM

Tuesday, January 19, 2021

Applying Machine Learning to Reveal Hidden Supply Chain Resilience Weaknesses and Adversarial Infiltration

Erik Ekwurzel, Chief Technology Officer, Dun & Bradstreet

11:45 AM

Tuesday, January 19, 2021

Closing Keynote | Building an Effective Supply Chain Shield

Bob Kolasky, Assistant Director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security

Description


The Assistant Director of the National Risk Management Center will discuss how the shift to extended remote work for the foreseeable future is changing the cyber-attack surface, and what agencies need to know about the role supply chain vulnerabilities play in those attacks. He will also offer some suggestions about the best way to inform employees who may be using their personal devices and equipment about the risks that come with equipment that may not be as secure as enterprise or government equipment and offer some ways to mitigate those risks.

12:10 PM

Tuesday, January 19, 2021

Closing Remarks

Underwriters

RSA
Microsoft
Eclypsium
Dun & Bradstreet