Public Relations Associate
White Paper Offers Cyber Security
Model to Address 21st Century Challenges
Cyber-Supply Chain Assurance Reference Model Fuses
Fields of Cyber Security and Supply Chain Risk Management
College Park, Md. – June 15, 2009 – A collaborative white
paper, Building A Cyber Supply Chain Assurance Reference Model, released today
by Science Applications International Corporation (SAIC) [NYSE:SAI] and the
Supply Chain Management Center at the University of Maryland’s Robert H. Smith
School of Business, tackles the nation’s cyber threat — now elevated to a
presidential imperative — with an outline for an innovative model that applies
end-to-end supply chain management to cyber security for the first time.
The white paper marks the final phase of a six-month project and addresses a
key discovery – that global cyber supply chains today are as fragmented as
physical supply chains were 15 years ago. The paper follows the Obama
administration announcement of a White House cyber czar to develop strategy to
protect the nation’s government and private computer networks while balancing
national security and economic concerns. With the cyber industry increasingly
spread across many different countries around the world, globalization has
intensified the potential threats.
“There are strong parallels in the evolution of the global supply chain that
can be applied to the field of cyber security,” said Sandor Boyson, co-director
of the Supply Chain Management Center at the University of Maryland’s Robert H.
Smith School of Business, a former Smith School chief information officer and
one of the project’s key researchers. “Both disciplines have labored to gain
visibility over operations and establish more collaborative and robust business
ecosystems with customers, distributors and suppliers on a worldwide basis. In
creating a framework that includes a common lexicon and by highlighting shared
responsibilities, we hope to heighten awareness of this interlaced, larger
supply chain world and the need to create a governance structure that is
adaptive enough to meet real-world challenges.”
Drawing best practices from the evolution of the global supply chain,
researchers from the Smith School’s Supply Chain Management Center address the
challenge of keeping distributed, global networks secure from threats with a
well-defined and integrated model built upon a dynamic governance structure that
unites hardware and software planning. The result offers potential for a
significant advance in combating cyber threats, viruses and attacks and
represents a dramatic paradigm shift from current industry practices.
“It is a national security imperative in a global economy that we have
confidence in the supply chains of integrated systems and the integrity of the
people, processes and technology that comprise them,” said Hart Rossman, chief
technology officer for Cyber Security Solutions at SAIC and a senior research
fellow of the Supply Chain Management Center at the University of Maryland’s
Robert H. Smith School of Business. “The fusion of these two dynamic disciplines
— supply chain risk management and cyber security — will help address emerging
threats and vulnerabilities presented in the sourcing of IT solutions worldwide.
The framework identifies interdependencies between system development life cycle
activities across the supply chain, providing insight and guidance to create
flexible mitigation strategies according to the risk appetite of an
The Cyber Supply Chain Assurance Reference Model defines not only key actors,
processes, and vulnerabilities, but also identifies strategic interdependencies
at each node of the international production/sustainment chain. Among the
paper’s key findings are:
The four-phase project drew on insight and best practices across disciplines.
The first phase included a literature review, while phase two incorporated input
following extensive interviews with experts in the areas of policy making and
governance, acquisitions, hardware, software, network and systems-integration
assurance. In phase three, researchers compiled interview results, analyzed
findings and presented a prototype Cyber Supply Chain Assurance Reference Model
to a focus group of 30 government and industry executives. The research team
included Boyson, Thomas Corsi, co-director of the Smith School’s Supply Chain
Management Center, and Rossman.
A copy of the paper, Building A Cyber-Supply
Chain Assurance Reference Model, is available online.
The project was funded through SAIC’s Strategic University Alliances
initiative, which focuses on campus activities in support of the company's
strategic goals, particularly strengthening the science and technology core of
SAIC. The next stage of research will begin later this month and will focus on
field work with a select group of public and private organizations to validate
the reference model and develop data collection tools.
With cyber security targeted as an area of strategic emphasis, the U.S.
government is expected to work closely with security companies and other private
companies to help secure U.S. interests – especially the government and key
infrastructure – from future attacks.
SAIC is a FORTUNE 500® scientific, engineering, and technology applications
company that uses its deep domain knowledge to solve problems of vital
importance to the nation and the world, in national security, energy and the
environment, critical infrastructure, and health. The company’s approximately
45,000 employees serve customers in the U.S. Department of Defense, the
intelligence community, the U.S. Department of Homeland Security, other U.S.
Government civil agencies and selected commercial markets. SAIC had annual
revenues of $10.1 billion for its fiscal year ended January 31, 2009. SAIC: From
Science to Solutions®
About the University of Maryland’s Robert H.
Smith School of Business
The Robert H. Smith School of Business is an internationally recognized leader
in management education and research. One of 13 colleges and schools at the
University of Maryland, College Park, the Smith School offers undergraduate,
full-time and part-time MBA, executive MBA, MS in business, PhD and executive
education programs, as well as outreach services to the corporate community. The
school offers its degree, custom and certification programs in learning
locations on three continents — North America, Europe and Asia.