Security News > 2021 > June > Defense supply chain vulnerabilities creating security gaps
A BlueVoyant report highlights critical vulnerabilities within the defense supply chain ecosystem.
Cybersecurity gaps were identified in the subcontractors' security practices to garner a better understanding of the security posture of less visible members of the complex defense supply chain.
Defense supply chain vulnerabilities Over half of the 300 SMB defense contractors had critical vulnerabilities to ransomware.
"For an industry with such an expansive, interconnected digital ecosystem, supply chain security should be a fundamental consideration. Prime contractors are under enormous pressure to reduce the attack surface of the entire supply chain but are partly blind to the vulnerabilities that exist. For smaller companies, identifying ongoing risks and understanding overall supply chain health is a daunting but vital process, and more attention and resources should be dedicated to combating the growing threat."
"Jim Rosenthal, CEO, BlueVoyant, concluded:"The U.S. defense supply chain is a vital national security asset, but the DIB is currently in an inefficiently secure state.
"The two Executive Orders: one on American Supply Chains, and the other on Improving the Nation's Cybersecurity, direct much-needed attention and funding to cybersecurity in the defense supply chain, but they are only the start. Closer co-operation between the DoD and the private sector is required to support a more vibrant, diverse and secure defense sector."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NDL2pcbhPTA/
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)