Eric Trexler, vice president of global government sales at Forcepoint, has said that agencies need to incorporate stringent controls to ensure that supplier networks are secure even after they are verified.
Trexler wrote in an opinion piece published Friday on Defense Systems that agencies must implement measures such as threat intelligence, analytics and network segmentation at the supply-chain level to put in place requirements that go beyond the Department of Defense’s Cybersecurity Maturity Model Certification program.
He noted that “highly customized” analytics tools can help visualize patterns of normal network and app behavior from the start of the supply chain to end-users.
Uncharacteristic or abnormal patterns such as discrepancies in sensor readings and unusual spending must trigger alerts to ensure timely response and prevention of data breaches, he added.
According to Trexler, suppliers have “extensive access” to classified or sensitive resources that bring risks of sabotage to the global supply chain and U.S. intellectual property.
“Federal agencies must be prepared,” he said. “CMMC represents important progress, but other steps should be in place to respond to an eventual and inevitable breach. We must begin to think differently and assume that the supply chain is compromised and change our operating procedures accordingly.”