The Department of State is working to provide extra cyber supply chain risk training to 150 contracting officers around the globe, according to a senior official.
Speaking Tuesday at an industry event in Washington, D.C., State Department Director of Cybersecurity Supply Chain Risk Management Zetra Batiste said the agency’s Bureau of Information Resource Management is providing the additional training to help combat the rising threat of procurement processes being used to introduce malware into U.S. government systems.
Her comments come amid heightened concerns over cyber supply chain risk and what measures, such as the provision of software bills of materials, should be imposed on technology companies working with government agencies.
She said: “My top priority is continuing to stay on top of our acquisition requirements because that [the procurement process] is how threats are introduced into the environment.”
The State Department employs hundreds of contracting officers based around the world, speaking different languages, who are responsible for negotiating contracts on behalf of the agency.
Batiste said her bureau is focused on creating repeatable processes for managing the IT supply chain that allow it to manage risks.
Last year, the Biden administration announced new plans under which all software vendors working with federal government agencies would be required to sign and provide attestation forms guaranteeing the cybersecurity of their products.
The new measures will make the collection of attestation forms a key part of federal government technology procurement, but contractors will not have to submit them for open-source software they use.
Concerns over cyber supply chain risk across U.S. government agencies have risen since the 2020 SolarWinds cyber breach, during which foreign hackers used the software supply chain to exfiltrate data from departments including the Treasury and Homeland Security.