Most contractors hired by the Department of Defense over the past five years failed to meet required minimum cyber security standards, posing a significant risk to US national security.

Managed services vendor CyberSheath released a report on November 30 showing that 87% of the Pentagon supply chain fails to meet basic cybersecurity minimums. Those security gaps leave major defense contractors and their subcontractors exposed to large-scale cyberattacks, putting US national security at risk.

Those risks have been well known for some time without efforts to fix them. According to CyberSheath, this independent study of the Defense Industrial Base (DIB) is the first to show that federal contractors are not properly protecting military secrets.

The DIB is a complex supply chain consisting of 300,000 prime contractors and subcontractors. The government allows these approved companies to share sensitive files and communicate securely to get their jobs done.

To keep those secrets safe, defense contractors will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance. Meanwhile, the report warns that nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns.

“Awarding contracts to federal contractors without first validating their cybersecurity controls is a complete failure,” Eric Noonan, CEO of CyberSheath, told TechNewsWorld.

Defense contractors have been mandated to meet cyber security compliance requirements for more than five years. Those terms are embedded in more than a million contracts, he said.

Alarming details

The Merrill Research Report 2022, commissioned by CyberSheath, revealed that 87% of federal contractors have a sub-70 Supplier Performance Risk System (SPRS) score. The metric shows how well a contractor meets Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

DFARS has been in law since 2017 and requires a score of 110 for full compliance. Critics of the system considered a score of 70 to be “good enough”. Yet the overwhelming majority of contractors still come up short even of that.

“The report’s findings show a clear and present threat to our national security,” Noonan said. “We often hear about threats to supply chains that are more susceptible to cyberattacks.”

The DIB is the Pentagon’s supply chain, and the report shows how poorly prepared contractors are despite being in the crosshairs of threat actors.

“Our military secrets are not secure, and there is an urgent need to improve the cyber security posture for this group, which often does not meet even the most basic cyber security requirements,” Noonan warned.

More report findings

Survey data came from 300 US-based DoD contractors, with accuracy tested at the 95% confidence level. The study was completed in July and August 2022, with CMMC 2.0 on the horizon.

Roughly 80% of the DIB contractors surveyed failed to monitor their computer systems around the clock and lacked US-based security monitoring services. Other deficiencies were evident in the following categories, all of which would be required to achieve CMMC compliance:

  • 80% lack a vulnerability management solution
  • 79% lack a comprehensive multi-factor authentication (MFA) system
  • 73% lack an endpoint detection and response (EDR) solution
  • 70% have not deployed Security Information and Event Management (SIEM)

These security controls are legally required of the DIB, and when they are not met there is a significant risk to the DoD and its ability to carry out its defense mission. In addition to widespread non-compliance, 82% of contractors find it “moderately to extremely difficult to understand government regulations on cyber security”.

Confusion prevails among contractors

According to the report, some DIB contractors that have focused on cybersecurity have simply been stymied by roadblocks.

When asked to rate DFARS reporting challenges on a scale of one to 10 (with 10 being extremely challenging), about 60% of all respondents rated “understanding requirements” a seven out of 10 or higher. Regular documentation and reporting were also near the top of the list of challenges.

The primary barriers listed include challenges in understanding the steps required to achieve compliance, difficulty in implementing sustainable CMMC policies and procedures, and the overall cost involved.

Unfortunately, these results are in line with what CyberSheath expected, Noonan acknowledged. He said the research confirmed that even fundamental cyber security measures such as multi-factor authentication were largely ignored.

Noonan said, “This research, combined with the False Claims Act case against defense giant Aerojet Rocketdyne, shows that defense contractors both large and small are not meeting contractual obligations for cyber security and that there is systemic risk in the DoD’s supply chain.”

No big surprise

Noonan believes the Defense Department has known for a long time that the defense industry is not addressing cyber security. News reporting of never-ending nation-state breaches of defense contractors, including large-scale incidents like SolarWinds and the False Claims Act cases, proves that point.

“I also believe that the DoD has run out of patience after giving contractors years to fix the problem. Only now is the DoD going to make cyber security a pillar of contract acquisition,” Noonan said.

He noted that the planned new DoD doctrine would be “no cyber security, no contract”.

Noonan acknowledged that there is merit to some of the conflicts raised by contractors about difficulties in understanding and meeting cyber requirements.

“It is a fair point as some of the messaging from the government has been inconsistent. In fact, however, the requirements have not changed since 2017,” he offered.

What will happen next

Perhaps the DoD will adopt a stricter policy with contractors. Had contractors complied with the requirements mandated in 2017, the entire supply chain would be in much better shape today. Despite some communication challenges, the DoD has been incredibly consistent about what is required of defense contractor cybersecurity, Noonan said.

The current research now sits on top of a mountain of evidence that federal contractors have a lot of work to do to improve their cyber security. It is clear that without enforcement from the federal government the work will not get done.

“Trust without verification failed, and now DoD is moving to enforce verification,” he said.

DoD response still pending

TechNewsWorld submitted written questions to the DoD about the supply chain criticism in the CyberSheath report. A spokesperson for the DoD CIO’s office responded that it would take a few days to investigate the issues. We’ll update this story with any response we get.

Last-mile delivery of products ordered online is a serious problem for merchants and consumers, and it is even more challenging for food retailers.

The innovative Phononic EV could drive a new solution to efficiently and sustainably deliver groceries, rivaling Amazon’s planned aerial drone package delivery system.

Phononic unveiled its electric vehicle for sustainable last-mile delivery on August 31 at the Home Delivery World show in Philadelphia. At this point, the vehicle is a functional proof of concept. It is not available in the market.

What happens next is in Sortimo’s hands. The two companies formed a partnership to fit the Ford E-Transit (Extended Edition) with reconfigurable shelving, creating cold chain transport vans that let grocery retailers fulfill e-commerce orders without the risk of food spoilage.

Phononic’s new approach integrates thermoelectric-based cooling solutions into customized shelving. This partnership created the first truly sustainable cold chain grocery transport by turning an electric van into an all-electric tri-temperature vehicle.

The electric vehicle is free from environmentally harmful, artificially produced refrigerants called hydrofluorocarbons, or HFCs.

“We can see the potential for customer delivery by using EV vans equipped with Phononic technology for tri-temperature cooling in 2023,” Dana Krug, Phononic’s vice president and general manager, told TechNewsworld.

A peek inside

Phononic’s first electric vehicle is equipped with the company’s Actively Cooled Tote. Sortimo’s customized FR5 and SR5 van shelving is designed to be an optimal and efficient way to store chilled, frozen and general merchandise orders in one vehicle during grocery delivery.

With the SR5, shelves can be configured to fit any location to optimize payload and cargo capacity. As online ordering has become the preferred choice of consumers, all-electric technology can help grocers to grow their last-mile delivery fleet in a sustainable manner.

[Image: Phononic temperature-controlled totes for food safety. Image credit: Phononic]
According to Krug, the approach provides increased customer loyalty and access to same-day delivery while driving a stronger ROI with increased levels of consistency. The technology is naturally suited to a mobile platform.

The delivery van uses proprietary solid-state cooling technology instead of existing compressor-based mechanical systems, which can fail. Its compact heat pump allows for greater capacity in the same space, and its controls reduce energy requirements.

Demand heating up

Market studies show that demand for online food purchases is increasing rapidly. Online grocery ordering and delivery is here to stay, making last-mile execution even more important.

“Maintaining the right temperature for a range of food – frozen, chilled and ambient – is forcing grocery retailers to rethink their entire operations,” Krug observed.

“As online ordering becomes the preferred choice for consumers, all-electric technology can help grocers grow their last-mile delivery fleet in a more sustainable manner, driving a stronger ROI with improved customer loyalty, access to same-day delivery and increased levels of consistency,” he said.

As the demand for grocery deliveries increases, the need for more vehicles to perform those deliveries will increase. Industry reports estimate the number of delivery vehicles on the road to increase by 36% by 2030.

“We give retailers the option of using electric vehicles that can be connected to our solid-state cooling technology. This reduces the total global warming potential (GWP) rather than compounding the problem with combustion-based vehicles fitted with compressor-based high GWP refrigerants,” he said.

If retailers want to remain relevant and competitive, the current grocery delivery process is not sustainable for longevity, Krug said. Today’s grocery delivery requires a new approach that is sustainable and cost-effective.

Expect a Phononic fleet

Eric Nelson, Director of Sales Fleet Mobility Solutions at Sortimo, said the goal is to develop innovative mobility solutions that help solve issues plaguing the environment.

“Working with Phononic to fit this one-of-a-kind, eco-friendly, all-electric vehicle has allowed us to be part of designing the first wave of truly sustainable grocery delivery,” he offered.

Phononic is still testing the van to understand its impact on the vehicle’s range, but Krug expects the effect to be minimal.

The tri-temperature EV was designed to increase delivery route density for retailers. Its design allows retailers to add general merchandise and temperature-controlled items alongside groceries, optimizing routing for fewer total delivery miles.

Phononic does not plan to sell the actual van, Krug said. By partnering with Sortimo, his company sees an opportunity to refit not only the Ford E-Transit but other vans.

How it works

Phononic’s cooling technology offers a possible solution: it uses naturally available CO2 mixed with water, Krug explained. With solid-state technology, portable freezing and refrigeration are now a reality, and the combination keeps anything cold anywhere.

Truly portable freezing and refrigeration had never been possible due to environmental challenges such as shock and vibration, weight, size and availability of power. Phononic’s DC-powered refrigeration is controlled by solid-state technology and can run on battery power.

This method provides consistent, reliable cooling over a long period of time. This reality gives food traders confidence that the ingredients will be kept safely at the required temperature.

[Image: Phononic’s cooling technology uses only CO2 and water as a refrigerant, eliminating environmentally destructive HFCs. Image credit: Phononic]
The system is monitored via Wi-Fi or cellular data to verify cold chain compliance. Solid-state cooling can respond to remote commands for complete temperature control anytime, anywhere.

An important advantage is the ability to reduce the temperature of the entire cargo container or specific compartments inside the vehicle as needed. This optimizes energy use while keeping the rest of the space at a standard temperature.

Thermoelectric technology has been around for more than a century. Until now, what was missing, according to Phononic, was integrating the engineering disciplines of pumping, moving, and controlling heat to create a new thermoelectric system that is powerful, flexible, and efficient.

About vehicle customization

Phononic started its EV delivery van project in June 2021. This vehicle is a fully functional test model, but can be adapted for other vans that require eventual cold chain delivery.

Sortimo’s FR5 shelves are foldable and designed specifically for courier, express delivery and parcel services. SR5 shelves provide the flexibility to develop the interior of the vehicle into any configuration that benefits delivery operation. Combined shelving options allow the transportation of chilled, frozen and general merchandise orders in one vehicle.

Ford’s E-Transit offers up to 487.3 cubic feet of cargo space inside the high ceiling. It has an extended wheelbase configuration and a range of about 126 miles on a single charge.

The market has seen a clear advantage for EVs over combustion-based vehicles in distribution solutions. This is one reason major retailers have announced deals with multiple EV companies for thousands of EV vans to be used for grocery delivery, Krug argued.

“Adding a tri-temperature cooling solution from Phononic gives retailers a cold chain solution that eliminates the need for dry ice or other passive cooling options, as well as the high-GWP refrigerants used in compressor tri-temp delivery vans,” he said.

Ransomware is the top supply chain risk facing organizations today, according to a survey released Monday by ISACA, a consortium of IT professionals with 140,000 members in 180 countries.

The survey, based on responses from more than 1,300 IT professionals with supply chain insight, found that nearly three-quarters of respondents (73%) said ransomware was a major concern when considering supply chain risks to their organizations.

Other major concerns included poor information security practices by suppliers (66%), software security vulnerabilities (65%), third-party data collection (61%), and third-party service providers or vendors with physical or virtual access to information systems, software code or IP (55%).

The heightened concern about ransomware may stem from the double whammy it can deliver to an organization.

“First, there is the risk of an attacker finding an attack path into an organization from a compromised vendor or software dependency, as we saw with the SolarWinds and Kaseya attacks, which affected a large number of downstream victims through that supply chain,” explained Chris Clements, vice president of solution architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Then there are secondary effects,” he continued, “where a ransomware gang can steal data stored on a third-party provider and attempt to extort both organizations by threatening to release it publicly if the ransom is not paid.”

“The other side of the coin is that a ransomware attack on an organization’s supply chain can cause significant operational disruption if the third party it depends on is unable to provide services because of a cyberattack,” he told TechNewsWorld.

Leader ignorance

Those attacks on the software supply chain can have a ripple effect on the physical supply chain. Eric Kron, security awareness advocate for KnowBe4, a security awareness training provider in Clearwater, Fla., said, “Ransomware contributes to significant disruptions in the already taxed supply chain when the systems that manage the creation and delivery of goods and services are compromised or taken offline.”

“This could affect the ordering and tracking of inventory of materials needed to make an item, could affect the tracking of the status of items needed to fill orders, and could cause problems with customers receiving materials, creating shortages for their own customers,” he told TechNewsWorld.

“In a world of on-time order fulfillment, any delay can affect the supply chain, affecting more and more people along the way,” he said.

Nearly a third of the IT professionals surveyed (30%) disclosed that the leaders of their organizations did not have an adequate understanding of supply chain risk. “The fact that it was only 30% was somewhat encouraging,” Rob Clyde, a member of ISACA’s board of directors, told TechNewsWorld. “A few years ago this number would have been much higher.”

“I think a lot of ignorance comes from underestimating the number of dependencies and their criticality to how an organization operates,” Clements said.

“These third-party tools, by their nature, often require administrative rights on many, if not all, of the customer’s devices they interact with, meaning that a compromise of just one of these vendors might be enough to completely compromise their customers’ environments.”

“Likewise, there is often an ignorance of how much organizations rely on third-party vendors,” he added. “Most organizations do not have a ready-to-go fallback plan if a major provider, such as their email or communications platform, had an extended outage.”

Pessimistic vein

Even in situations where leaders understand the risks to their supply chains, they will not necessarily err on the side of security. “In situations where companies have to choose between security and growth, every time you see them choosing growth,” said Casey Bisson, head of product and developer relations for BluBracket, a cybersecurity services company in Menlo Park, Calif.

“It comes at the risk of their customers. It comes at the risk of the company itself,” he told TechNewsWorld. “But increasingly, we’re starting to see executives being held accountable for those choices.”

The ISACA survey also found a strong vein of pessimism among IT professionals about the security prospects of their supply chains. Only 44% indicated they had high confidence in the security of their organization’s supply chain, while 53% expected supply chain issues to remain the same or get worse over the next six months.

[Image: ISACA survey results, top supply chain risks. Source: ISACA | Understanding Supply Chain Security Gaps | 2022 Global Research Report]

One of the more surprising findings of the survey was that 25% of organizations said they had experienced a supply chain attack in the past 12 months. “I didn’t think it would be anywhere near that high,” Clyde said.

“While many organizations have experienced cyberattacks in the past 12 months, I didn’t think there would be that many attributable to a supply chain problem. If we had asked this question many years ago, it would have been a much smaller number,” he said.

Meanwhile, more than eight in 10 of the tech professionals surveyed (84%) said their supply chains needed better governance than they have now.

“It just doesn’t work the way we try to authenticate supply chain partners today,” said Andrew Hay, COO of Lares, an information security consulting firm in Denver.

“We either generate an arbitrary score based on external scan data and IP-based confidence or we try and force them to fill out 100 or more questions on a spreadsheet,” he told TechNewsWorld. “Neither accurately reflects how secure an organization is.”

Need for auditing

Many factors come into play when trying to secure a supply chain, said Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk prevention in Tel Aviv, Israel.

“Organizations only have full visibility into their own environments, which means they have to trust that their vendors are following best practices,” he told TechNewsWorld. “This means they are required to cover contingencies when a third-party vendor breach occurs, or have a build process that severely restricts the damage that can occur if one does.”

“It is even more complicated when an organization needs to deal with multiple vendors to compensate for shortages or disruptions,” he continued. “Even with the right risk management tools, it can be difficult to account for everything in play.”

Kron said there should be some trust in suppliers; however, if the approach is to verify what organizations tell us rather than rely on responses to a questionnaire, a system of auditing would need to be established.

“This will inevitably increase costs, something that many organizations work hard to keep as low as possible in order to remain competitive,” he said.

“While this may be easy to justify for critical government or military systems, it can be a hard sell for traditional suppliers,” he said. “To add to the challenges, it may be difficult or impossible to impose a regime on foreign suppliers of goods and materials. This is not an easy challenge to tackle and will remain a topic of discussion for a long time.”