With software supply chains becoming an essential piece of Federal agencies’ cybersecurity plans, the General Services Administration (GSA) is planning to take big steps next year to improve its cybersecurity software supply chains.

Bo Berlas, chief information security officer (CISO) at GSA, gave a sneak peek at some of the goals the agency is eyeing during an online webinar titled “Securing the Software Supply Chain is No Longer Optional” hosted by GovExec on Oct. 10.

“It’s going to be a big year focused around applications and workloads, that central pillar around … software security and supply chain security, taking what we’ve already accomplished, and essentially going through and doing it at scale,” said Berlas.

Berlas added that “[GSA] teams have largely been implementing software security and supply chain security really more in their own verticals across the organization, implementing capabilities around static analysis and dynamic analysis.”

Although Berlas discussed the plan for the coming year, he noted that in order “to truly be able to achieve synergy and value and be able to integrate that into a security strategy, it has to effectively be developed and delivered as an enterprise shared service.”

The need to focus on the cybersecurity supply chain is tied to satisfying the fundamental pillars of the zero trust security framework, he explained.

“[The] zero trust strategy does require inherently a fundamental focus on application security and software supply chain security. So, organizations like GSA within government, as we’re thinking about zero trust, we’re [also] thinking about app sec, we’re thinking about software security,” said Berlas.

“We’re essentially going through and doing a lot of investments within the cybersecurity supply chain space in the coming years,” he said.

Jose Rascon is a MeriTalk Staff Reporter covering the intersection of government and technology.