As NASA moves forward with its Moonshot, NASA SEWP is continuing its exploration of Supply Chain Risk Management (SCRM) and Cybersecurity Supply Chain Risk Management (C-SCRM). As one of the largest providers of technology equipment and services to government, NASA SEWP is in a unique position to bring leaders together for conversations about the latest developments and guidance, as well as innovative approaches that agencies are taking to protect their systems, software, and services.
Day 1 was the third in a series of deep dives by the NASA SEWP team into the challenges, risks and potential solutions to protect critical technology systems. This series brought together agency leaders, cybersecurity experts, as well as standards creators and management specialists to focus on cyber challenges throughout the organization.
Day 2 featured SEWP present and future as the program holds a training conference in the morning, including highlighting the SCRM elements built into the program and platform. In the afternoon the program held a feedback forum where government and industry participants provided their feedback and recommendations for what they would like to see from the program today and in future renditions of the program.
Attendees came away from this forum with a better understanding of:
- What organizations such as NASA, DOD, DHS and NIST are offering to solve these challenges
- The role of the National Risk Management Center and how to find guidance on reducing supply chain risk
- How CISA’s shared services model helps to harden the civilian sector’s response to supply chain vulnerability
- Why SCRM and C-SCRM are important to the federal network infrastructure
- What are some of the solutions to secure the critical software supply chain
- Where to find resources to help smaller or under resourced organizations
Agenda
| 8:00 AM |
Registration, Breakfast & Networking |
| 9:00 AM |
Kickoff/Welcome
|
| 9:15 AM |
Opening Keynote
|
| 9:45 AM |
Managing Risk at Government Scale A discussion of current policy and guidance on SCRM and C-SCRM that organizations are using to manage their cyber risk.
|
| 10:30 AM |
Networking Break |
| 10:50 AM |
FASC 101 Are you interested in learning more about the Federal Acquisition Security Council (FASC)? Are you a seasoned supply chain risk professional who wants to understand how the FASC receives referrals, evaluates SCRI about covered sources and covered articles, and the recommendation process? Or, are you suddenly seized with curiosity about terms like “SCRI” or “CSCRM” or “covered sources and covered articles? If you answered yes – then the FASC Fundamentals presentation is for you. The FASC presenters will give an overview of what the FASC is, what the FASC does, and what resources are available for continued reference. The presentation will be followed by a brief question and answer session as time permits. An introduction to the Federal Acquisition Security Council (FASC). Authorized by statute in December 2018 and established in early 2019 when the law went into effect, the FASC is an intra-agency council charged with a key role in cyber supply chain risk management (CSCRM) for U.S. government ICTS. Join us for an opportunity to learn more about the unique role of the Council in national security and economic security.
|
| 11:20 AM |
Consortia Working Group Panel Federal IT modernization efforts have generated many challenges for agencies, especially ones focused on supply chains and cyber risks. During this panel, executives will discuss how the government can collaborate with industry, academia, and nonprofits to pursue common sense standards and best practices for federal procurement, IT solutions, and risk analysis.
|
| 12:05 PM |
Lunch & Networking |
| 1:05 PM |
Luncheon Keynote: The Change Leadership Imperative 21st Century life is full of change and transition. In fact, change might be the only constant we can rely on in today’s fast-paced world. Leading and managing change has become an essential leadership skill in today’s business world. While leaders may enthusiastically lead the charge for change, they often find themselves looking over their shoulders to discover that no one is following their lead or doing the work necessary to make the change a success. Creating effective organizational change requires specific change management skills and sensibilities. This eye-opening presentation builds awareness around the need for strong change leadership and offers best practices for managing and leading organizational change.
|
| 1:35 PM |
Technology Provider Panel: SCRM Practices Today SCRM means different things to different people, and the kinds of SCRM practices a company engages in depends upon which link in the chain is theirs to account for. In this panel you will learn from industry experts representing manufacturers, distributors, and resellers as they discuss their practices in accounting for supply-chain risk, as well as how the government’s initiatives can impact their operations.
|
| 2:20 PM |
Networking Break |
| 2:40 PM |
SCRM Acquisition Update This panel will look at what the government has been doing so far in terms of addressing SCRM and what needs to be done. They will discuss how the acquisition processes have been changed and updated to provide more supply chain information and protection, and how the newest approaches are working in the civilian and intelligence communities.
|
| 3:25 PM |
Thank You & Closing
|
| 3:40 PM |
Networking Reception |
Agenda:
| 8:00 - 9:00 AM |
Registration, Breakfast & Networking |
| 9:00 AM -9:15 AM |
Kickoff/Welcome
|
| 9:15 AM - 3:30 PM |
Customer/Provider Training and Interactive Discussion |
| 3:30 PM |
Program Adjourns |
Speakers
Matt Fussa
Trust Strategy Officer
CISCO
Jon Boyens
Deputy Chief, Computer Security Division
National Institute of Standards and Technology
Marcus Fedeli
Research & Develop Lead/Strategic Advisor
NASA SEWP
Demetrius Davis
Principal Systems Engineer & Department Chief Engineer
MITRE Corporation
Kanitra Tyler
Program Manager
National Aeronautics and
Space Administration
Joanne Woytek
Program Director
NASA SEWP
John Linford
Director, Security Forum & Open Trusted Technology Forum (OTTF)
The Open Group
Shon Lyublanovits, CDPSE
Cybersecurity-Supply Chain Risk Management (C-SCRM) Initiatives Lead, Cybersecurity Division
Cybersecurity and Infrastructure Security Agency, Department of Homeland Security
Roger Waldron
President
Coalition for Government Procurement
Tony Celeste
Executive Director & General Manager, Public Sector
Ingram Micro
Tom Suder
Founder & President
Advanced Technology Academic Research Center (ATARC)
Mary Abbajay
President of Careerstone Group, LLC; Author
Jaimie Clark
Senior Advisor and Lead Program Manager, Federal Acquisition Security Council
Office of Management and Budget
Natalie E. Lehr-Lopez
Executive Director of the DNI SCRM Task Force
Office of the Director of National Intelligence
Kathryn Basinsky
National Telecommunications & Information Administration
Department of Commerce
Carlton Drew
(Acting) Deputy Program Manager for the FASC PMO
Sean Peters
Deputy Program Manager
OMB/OFCIO
Anne Armstrong
VP, Strategic Alliances
GovExec
Chris Riotta
Staff Writer
FCW
Troy Schneider
President
GovExec 360
PRESENTED BY
SUPPORTING UNDERWRITERS
GovExec is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.
