The Supply Chain Management Center at the University of Maryland’s Robert H. Smith School of Business will collaborate with the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), on a first of its kind risk assessment project.
This research project will focus on ascertaining the effectiveness of information security and cyber supply chain best practices, with an end goal of helping companies and organizations increase their cyber risk assessment and management capability. The targeted beneficiaries include government procurement agencies, insurance and reinsurance underwriting companies, financial institutions and rating agencies, says research professor and Supply Chain Management Center co-director Sandor Boyson, who will help manage the project along with faculty colleague and center co-director Thomas Corsi and Smith School CIO Holly Mann.
The Smith School will work with NIST, the General Services Administration and insurance industry leaders Zurich Insurance and Beecher Carlson to test the predictive capabilities of cyber risk managerial assessments developed through the Smith School’s supply chain center. Industry consultants to the project are StoryBuilt Design CEO Michael Best, Zurich North America Director of Strategic Business Risk Linda Conrad and Christopher Keegan, director of Beecher Carlson’s cybersecurity insurance practice. Keegan and another consultant to the project, Hart Rossman, are senior research fellows with Smith’s supply chain center.
“Zurich is delighted to participate in this first of its kind public private partnership,” says Conrad. “Our collective efforts will help bring best practices and evidence based guidance to organizations seeking better understanding of cybersecurity resilience within their own walls, as well as in their supply chains.”
“This work continues research into best practices that helps individual organizations understand and better manage their risk, which subsequently strengthens the resilience and security posture of the U.S. economy,” says Jon Boyens, senior advisor for information security in NIST's computer security division.
The NCCoE was founded in 2012 as a partnership between NIST, the State of Maryland and Montgomery County and is a federal organization within NIST. In 2014, NIST established a federally funded research and development center (FFRDC), operated by The MITRE Corporation, to power and support the NCCoE. Experts from industry, the U.S. government and academia work together at the NCCoE to address businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies.
“Supply chain risk management is an increasingly important factor in the nation’s overall effort to improve cybersecurity,” says MITRE’s Brian Barrios, National Cybersecurity FFRDC program manager. “It is critical to be able to have an appropriate level of trust in our ability to procure and acquire technology.”
A growing concern, says Boyson, has been the threat to the suppliers of critical infrastructure components, systems and services. The $425,000 task order marks the sixth consecutive year of government funding to the Smith School’s Supply Chain Management Center and the new phase “fits nicely into the flow of work that has culminated in a Cyber Risk Portal,” Boyson adds. Administered through the Smith School center, the portal allows businesses to anonymously upload data to compare their cybersecurity capabilities to existing standards, as well as to their peers and competitors.
The portal also was a UMD “Invention of the Year” finalist as part of the Celebration of Innovation and Partnerships event at the university on May 9, 2016.
“The Cyber Risk Portal is a great example of transforming foundational research to commercialized services or products,” says UMD Vice President and Chief Research Officer Patrick O'Shea. “This transfer of knowledge and ideas to the marketplace is a testament to our university's commitment to spur economic development in the State of Maryland.”