The Cybersecurity and Infrastructure Security Agency (CISA), a Multiple Award Winner in the 2022 ‘ASTORS’ Homeland Security Awards Program, has released a new Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management products from the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force.
CISA’s new HBOM provides a framework that includes a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance on what HBOM information is appropriate depending on the purpose for which the HBOM will be used.
“The HBOM Framework offers a consistent and repeatable way for vendors and purchasers to communicate about hardware components, enabling effective risk assessment and mitigation in the supply chain,” explained Mona Harrington, CISA National Risk Management Center Assistant Director and ICT SCRM Task Force Co-Chair.
“With standardized naming, comprehensive information, and clear guidance, organizations can safeguard against economic and security risks, enhancing overall resilience.”
“By enhancing transparency and traceability through HBOM, stakeholders can identify and address potential risks within the supply chain, ensuring that the digital landscape remains robust and secure against emerging threats and challenges.”
(CISA’s new Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management will assist organizations in evaluating and mitigating risks before purchasing new products and technologies. Courtesy of CISA and YouTube.)
The CISA HBOM Framework includes the following key components:
Use Case Categories (Appendix A):
Provides a range of potential use cases that purchasers may have for HBOMs, based on the nature of the risk the purchaser seeks to evaluate.
Format of HBOMs (Appendix B):
The framework sets forth a format that can ensure consistency across HBOMs and increase the ease with which HBOMs can be produced and used.
Data Field Taxonomy (Appendix C):
Provides a taxonomy of component/input attributes that may be appropriate to include in an HBOM, depending on the purpose for which the purchaser intends to use it.
“This methodology gives organizations a useful tool to evaluate supply chain risks with a consistent and predictable structure for a variety of use cases,” stated John Miller, Senior Vice President of Policy and General Counsel at the Information Technology Industry Council (ITI) and ICT SCRM Task Force Co-Chair upon the release.
The HBOM Framework was developed by the ICT SCRM Task Force’s HBOM Working Group, which includes subject matter experts from a diverse set of private and public sector organizations.
“This resource plays a vital role in adopting proactive approaches to mitigate risks effectively,” added Robert Mayer, Senior Vice President of Cybersecurity and Innovation at US Telecom and ICT SCRM Task Force Co-Chair.
The ICT SCRM Task Force embodies CISA’s collective defense approach to enhancing ICT supply chain resilience.
Members will continue to explore means for building partnerships with international partners, additional critical infrastructure sectors, and stakeholders who can help grow the applicability and utilization of Task Force products and support the Federal Acquisition Security Council (FASC).
For additional information, please visit the ICT Supply Chain Risk Management Task Force webpage.
CISA Nominated to Return to 2022 ‘ASTORS’ Homeland Security Awards Program
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program and, now in its Eighth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, and First Responders, as well as federal, state and municipal government agencies, in acknowledgment of their outstanding efforts to Keep our Nation Secure.
Active shooter incidents are often unpredictable and evolve quickly.
Amid chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident. DHS aims to enhance preparedness through a “whole community” approach by providing products, tools, and resources to help you prepare for and respond to an active shooter incident.
(For example, CISA’s “Active Shooter Preparedness: School Security and Resilience” video provides information geared towards educators, school resource officers, and school administrators who serve in important roles in safeguarding schools. Courtesy of CISA and YouTube.)
To access the most applicable information, please select the appropriate category for your application from the following: First Responders and Security Professionals, Private Citizens, Critical Infrastructures and Business, Active Shooter Preparedness Workshop/Webinar, Employee Vigilance and De-escalation, Products/Resources.
Learn more through CISA’s series of videos.
(The DHS Active Shooter PowerPoint Presentation and Webinar video is used by DHS-qualified subject-matter experts as a visual reference to guide critical infrastructure owners and operators with a better understanding of developing an organization’s emergency action plan. Courtesy of CISA and YouTube.)
Using a vehicle as a weapon in a terrorist attack is not new.
Recent terrorist incidents and violent extremist propaganda demonstrate that using vehicles as a weapon continues to be of interest to those wishing to cause harm.
Attacks of this nature require minimal capability but can have a devastating impact in crowded places with low levels of visible security.
To aid our nation’s first responders and citizens, CISA offers the following resources: the Vehicle Ramming Self-Assessment Tool, the Self-Assessment Tool Resources, the First Responder Toolbox, General Resources, and videos.
(Learn More. The FBI, DHS, and TSA—in coordination with the Truck Renting and Leasing Association and the American Car Rental Association—have released a short training video to help vehicle rental employees identify suspicious activities and behavior by customers who may wish to use a rented vehicle for nefarious purposes. Courtesy of the FBI – Federal Bureau of Investigation and YouTube. Posted on Aug 3, 2022.)
To contact the Vehicle Ramming Attack Mitigation team or to get more information on Vehicle Ramming Attack Mitigation, please contact CISA.ISD.OSP.VehicleRammingMitigation@cisa.dhs.gov.
Nitin Natarajan, Deputy Director, CISA
Nitin Natarajan was appointed as the Deputy Director for CISA on February 16, 2021. Before joining CISA in February 2021, Natarajan served in various public and private sector positions spanning over 30 years.
Most recently, he served as an executive at consulting firms providing subject matter expertise on many topics, including IT, cybersecurity, homeland and national security, critical infrastructure protection, environmental emergency management, continuity of operations, and health security matters.
Natarajan also held several federal government roles, including serving as the Deputy Assistant Administrator for the Office of Land and Emergency Management at the U.S. Environmental Protection Agency, the Director of Critical Infrastructure Policy at the White House/National Security Council, and the Director at the U.S. Health and Human Services overseeing their critical infrastructure, continuity of operations (COOP), and medical logistics programs.
Before serving in the federal government, Natarajan served in positions at the state/local government level and served as a hospital administrator.
Natarajan started his career by spending 13 years as a first responder in New York, including service as a flight paramedic. He was the Commander of a federal medical response team based in New York and has extensive experience deploying to natural and man-made disasters nationwide.
He holds an undergraduate degree from the State University of New York and a graduate degree from the United States Naval Postgraduate School.
(Hear from Nitin Natarajan to learn more about the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security (DHS). Under the leadership of Director Jen Easterly, CISA works to understand, manage, and mitigate risk to the nation’s cyber and physical infrastructure in the public and private sectors. Their virtual mini-Industry Day events allow CISA and industry leaders to have meaningful discussions about cybersecurity, infrastructure, risk management, communications capabilities, challenges, technologies, and future business opportunities. Courtesy of CISA and YouTube.)
As America’s Cyber Defense Agency, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our critical infrastructure.
CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience, and was designed for collaboration and partnership.
CISA develops a range of cyber and infrastructure security services, publications, and programs for federal government, SLTT governments, industry, small and medium businesses, educational institutions, and the American public.
To learn about CISA’s layered mission to reduce the nation’s cyber and physical infrastructure risk, please visit www.cisa.gov/about.
(Learn More about the Cybersecurity and Infrastructure Security Agency (CISA). Courtesy of CISA and YouTube.)