Politico Morning Cybersecurity, March 7, 2019

By Tim Starks

The Pentagon’s supply chain security program should accommodate businesses concerned about “opaque” decisions to ban their products from military networks, the software trade group BSA said Wednesday in a letter to the leaders of the House and Senate Amed Services committees. The most recent defense policy bill gave the Pentagon the authority to put companies on blacklists if their products are deemed insecure or risky, and BSA said that while it understood the need for these “potent tools,” there was “a risk that such opaque processes” would encourage foreign governments to make “non-risk management-based protectionist” decisions.

BSA recommended that this blacklist program be amended to require “processes to, absent exceptional circumstances, notify vendors excluded from a competition of their exclusion and the reasons for it and to ensure a viable means of protesting or appealing the exclusion decision.” The letter also made recommendations about supply chain research, vendor contract language, and relying on industry standards. And it encouraged Congress to direct the Pentagon to buy commercial off-the-shelf software wherever appropriate.

Read More >>

Original Posting: https://www.politico.com/newsletters/morning-cybersecurity/2019/03/07/next-up-at-rsa-election-security-dhs-and-nsa-536861