US Government’s CISA launches new office to protect country against malware when procuring IT services
The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) is building out a new supply chain risk management office to help agencies, industry and other partners to act on the raft of new cybersecurity regulations, guidance and policies.
This follows a 2020 finding by the US Government that most major agencies had not implemented supply chain security practices due to a lack of federal guidance.
CISA is an agency of the US Department of Homeland Security and is responsible for cyber protection across all levels of government. The new office falls under CISA’s jurisdiction and is led by Shon Lyublanovits, formerly of the General Services Administration, an independent US government agency that supports all federal agencies.
Lyublanovits will head up supply chain cyber risk management at the federal level, as supply chain stakeholders seek to navigate the rapidly changing cyber landscape.
This began changing in earnest after then-US President Donald Trump approved the National Cyber Strategy (NCS), a key objective of which is to improve Federal management of the supply chain.
A critical component of the NCS is the integration of supply chain risk management into the procurement and use of IT, to ensure the government deploys safe, reliable, and resilient technology.
To this end, the SECURE Technology Act was passed, which gave rise to the Federal Acquisition Security Council (FASC), whose function is to develop government-wide criteria for federal supply chain risk management programmes.