White Paper Offers Cyber Security Model to Address 21st Century Challenges
15 June 2009 - 11:13AM
PR Newswire (US)
Cyber-Supply Chain Assurance Reference Model Fuses Fields of Cyber
Security and Supply Chain Risk Management

COLLEGE PARK, Md., June
15 /PRNewswire-USNewswire/ -- A collaborative white paper, Building
A Cyber Supply Chain Assurance Reference Model, released today by
Science Applications International Corporation (SAIC) (NYSE:SAI)
and the Supply Chain Management Center at the University of
Maryland's Robert H. Smith School of Business, tackles the nation's
cyber threat -- now elevated to a presidential imperative -- with
an outline for an innovative model that applies end-to-end supply
chain management to cyber security for the first time.

The white
paper marks the final phase of a six-month project and addresses a
key discovery - that global cyber supply chains today are as
fragmented as physical supply chains were 15 years ago.

The paper
follows the Obama administration announcement of a White House
cyber czar to develop strategy to protect the nation's government
and private computer networks while balancing national security and
economic concerns. With the cyber industry increasingly spread
across many different countries around the world, globalization has
intensified the potential threats.

"There are strong parallels in
the evolution of the global supply chain that can be applied to the
field of cyber security," said Sandor Boyson, co-director of the
Supply Chain Management Center at the University of Maryland's
Robert H. Smith School of Business, a former Smith School chief
information officer and one of the project's key researchers. "Both
disciplines have labored to gain visibility over operations and
establish more collaborative and robust business ecosystems with
customers, distributors and suppliers on a worldwide basis. In
creating a framework that includes a common lexicon and by
highlighting shared responsibilities, we hope to heighten awareness
of this interlaced, larger supply chain world and the need to
create a governance structure that is adaptive enough to meet
real-world challenges."

Drawing best practices from the evolution
of the global supply chain, researchers from the Smith School's
Supply Chain Management Center address the challenge of keeping
distributed, global networks secure from threats with a
well-defined and integrated model built upon a dynamic governance
structure that unites hardware and software planning. The result
offers potential for a significant advance in combating cyber
threats, viruses and attacks and represents a dramatic paradigm
shift from current industry practices.

"It is a national security
imperative in a global economy that we have confidence in the
supply chains of integrated systems and the integrity of the
people, processes and technology that comprise them," said Hart
Rossman, chief technology officer for Cyber Security Solutions at
SAIC and a senior research fellow of the Supply Chain Management
Center at the University of Maryland's Robert H. Smith School of
Business. "The fusion of these two dynamic disciplines -- supply
chain risk management and cyber security -- will help address
emerging threats and vulnerabilities presented in the sourcing of
IT solutions worldwide. The framework identifies interdependencies
between system development life cycle activities across the supply
chain, providing insight and guidance to create flexible mitigation
strategies according to the risk appetite of an organization."

The Cyber Supply Chain Assurance Reference Model defines not only
key actors, processes, and vulnerabilities, but also identifies
strategic interdependencies at each node of the international
production/sustainment chain. Among the paper's key findings are:

-- A fully integrated cyber supply chain requires the coordination
   of what researchers describe as "defense in depth," the process
   of securing/hardening core systems and their constituent parts
   during the build and deploy phases of the lifecycle; and "defense
   in breadth," the process of securing the global web of actors who
   use and maintain a system including customers, system integrators
   and suppliers.
-- There is a lack of visibility and coherence across the cyber
   supply chain which prevents effective orchestration and
   synchronization.
-- There is a clear need for structured incentives and relationship
   drivers which facilitate management of shared risk.
-- Lack of communication between the cyber and physical supply chain
   domains is constraining advancement.
-- Most organizations mistakenly view themselves as the terminus in
   the cyber supply chain and do not recognize the need for
   accountability within all internal function areas, as well as
   among all suppliers, customers and partners.

The four-phase project drew on insight and
best practices across disciplines. The first phase included a
literature review, while phase two incorporated input following
extensive interviews with experts in the areas of policy making and
governance, acquisitions, hardware, software, network and
systems-integration assurance. In phase three, researchers compiled
interview results, analyzed findings and presented a prototype
Cyber Supply Chain Assurance Reference Model to a focus group of 30
government and industry executives.

The research team included
Boyson, Thomas Corsi, co-director of the Smith School's Supply
Chain Management Center, and Rossman.

A copy of the paper, Building
A Cyber-Supply Chain Assurance Reference Model, is available at:
http://www.saic.com/news/resources.asp.

The project was funded
through SAIC's Strategic University Alliances initiative, which
focuses on campus activities in support of the company's strategic
goals, particularly strengthening the science and technology core
of SAIC.

The next stage of research will begin later this month and
will focus on field work with a select group of public and private
organizations to validate the reference model and develop data
collection tools.

With cyber security targeted as an area of
strategic emphasis, the U.S. government is expected to work closely
with security companies and other private companies to help secure
U.S. interests - especially the government and key infrastructure -
from future attacks.

About SAIC

SAIC is a FORTUNE 500(R)
scientific, engineering, and technology applications company that
uses its deep domain knowledge to solve problems of vital
importance to the nation and the world, in national security,
energy and the environment, critical infrastructure, and health.
The company's approximately 45,000 employees serve customers in the
U.S. Department of Defense, the intelligence community, the U.S.
Department of Homeland Security, other U.S. Government civil
agencies and selected commercial markets. SAIC had annual revenues
of $10.1 billion for its fiscal year ended January 31, 2009. For
more information, visit http://www.saic.com/.

SAIC: From Science to Solutions(R)

About the University of Maryland's Robert H. Smith School of Business

The Robert H. Smith School of Business is an
internationally recognized leader in management education and
research. One of 13 colleges and schools at the University of
Maryland, College Park, the Smith School offers undergraduate,
full-time and part-time MBA, executive MBA, MS, PhD, and executive
education programs, as well as outreach services to the corporate
community. The school offers its degree, custom and certification
programs in learning locations in North America and Asia.

Contact:
Carrie Handwerker 301-405-5833
Melissa Koskovich 703-676-6762

DATASOURCE: Robert H. Smith School of Business

CONTACT: Carrie Handwerker of Robert H. Smith School of Business,
+1-301-405-5833; or Melissa Koskovich of SAIC, +1-703-676-6762

Web Site: http://www.rhsmith.umd.edu/
http://www.saic.com/