Around the world, governments as well as private sector organizations are focused on identifying and mitigating risks to the information and communications technology (ICT) supply chain. In fact, efforts to disrupt or exploit supply chains have become, in the words of a senior US Homeland Security Department official, a “principal attack vector” for adversarial nations seeking to take advantage of vulnerabilities for espionage, sabotage or other malicious activities. In this environment, strong supply chain security practices are a differentiator for critical infrastructure organizations. But what, exactly, does a strong supply chain security program look like? Recently, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) published a case study highlighting how Palo Alto Networks uses supply chain best practices.
The case study identified several best practices that collectively contribute to the overall supply chain security efforts of Palo Alto Networks. Among them:
As with many global manufacturers, our supply chain practices were put to the test in the face of the COVID-19 pandemic. Indeed, Palo Alto Networks is both a critical infrastructure company ourselves – playing a key role in ensuring complex, interconnected digital information systems are secure against malicious actors – and a supplier to other critical infrastructure entities worldwide. The customers that rely on us to secure their networks span critical healthcare, defense, financial services, government, logistics, food and agriculture, and other entities that are playing a vital role in the response to the pandemic. In a testament to our risk management practices, our team and our manufacturing partner have done a terrific job working with our suppliers around the globe to ensure that we can meet the security needs of our customers during this time.
What’s next? Palo Alto Networks believes governments should promote adoption of supply chain best practices by incentivizing companies that make risk-based decisions to maintain product integrity – such as through qualified procurement preferences. In fact, in the United States, Congress has mandated that the U.S. government should identify supply chain best practices and recommend legislative or other policy changes to incentivize their adoption by the private sector. The government would do well to look at NIST’s work in identifying those best practices.
At Palo Alto Networks, we understand what it takes to maintain a strong supply chain and ensure the integrity of our products. We believe responsible companies have a duty to keep a secure supply chain and that governments should promote the adoption of best practices like these to foster a resilient ICT ecosystem. Read the full NIST case study on our approach to supply chain risk management here: Case Studies in Cyber Supply Chain Risk Management: Palo Alto Networks, Inc.