Why is a cyber supply chain important?

Amidst the current threat landscape, agencies like the General Services Administration, Defense Department, Department of Homeland Security and the Intel community have begun working together to bring more efficient and secure methodologies to the procurement process. They do this while paying attention to the risk management of the cybersecurity supply chain.

On this edition of Cyberchat, host Sean Kelley sat down with GSA’s William Zielinski, Assistant Commissioner, Information Technology Category, and Lawrence Hale, Director, IT Security, Information Technology Category, to discuss the acquisition process and vehicles for the cybersecurity supply chain.

“[GSA’s IT category] builds and maintains a series of very large pre-competed governmentwide acquisition contracts,” Zielinski said.

Generally, agencies that use GSA vehicles for procurement will get better pricing and be able to move through the acquisition process faster, because the groundwork has already been laid, freeing up government procurement professionals to focus their efforts on mission-critical acquisitions.

Zielinski explained how this new procurement process affects the cybersecurity supply chain. He said stakeholders from IT security, acquisitions and risk management team together to assess what they are buying and from whom. “We’re actually making a purchase of a technical capability, we have assessed those things and they are actually part of how we go about buying our technical capability.”

There is also increased pressure from Capitol Hill, in legislation like Section 889 of the National Defense Authorization Act and the Secure Technology Act, that requires agencies to take a closer look at the risks associated with the cybersecurity supply chain.

GSA’s Hale explained another benefit of a cybersecurity supply chain. “There are a number of examples of GSA activity that reduce duplicative efforts by offering security screening that’s built into the solutions.” Hale pointed to FedRAMP and CDM programs where one authorization is used by multiple agencies.

Hale said using the GSA schedule helps avoid the added cost of competing on one-off contracts for industry. “We find that industry tends to be one of our best proponents … when they learned that agencies are thinking about doing a solicitation on cybersecurity, they’ll say, you should do that on GSA. And here’s why,” Hale said.