Please join Baker Tilly and Rogers Joseph O'Donnell on Feb. 4, 2021 at 1:00 p.m. EST for an insightful discussion on supply chain risk management (SCRM) and what its use in recent solicitations means for federal contractors.
The “SolarWinds” event made public in Dec. 2020 has drawn intense scrutiny of how commercial enterprises as well as government agencies are exposed to threats that can be delivered through the supply chain. The result will be many government initiatives, and new contract requirements, obligating companies to improve and disclose measures taken to assess and minimize supply change risks.
Even before “SolarWinds,” the federal government had increased a regulatory focus on strengthening and securing the federal supply chain. New rules have emerged, including cybersecurity compliance frameworks (like CMMC), tighter restrictions on foreign investment, limitations on foreign source technology and new authority to remove suspect equipment or exclude high risk sources. The many initiatives serve common objectives but at a practical level companies are challenged to understand new demands and undertake measures of governance and compliance.
In the Biden administration, even stronger supply chain measures are expected. Federal procurements have increasingly included requirements for offerors to describe SCRM practices and provide detailed plans-of-action to protect hardware, software and embedded components from compromise (otherwise known as a “SCRM plan”). Several procurements have gone so far as to state outright that supply chain risk processes and/or events may be subject to audit, at the Government’s discretion. The CMMC assessment regime could well be extended to SCRM practices.
Given the anxiety over secure sources of supply and the damage done by “SolarWinds,” organizations serving federal customers should map the present and expected landscape of SCRM requirements and carefully consider strategy, tools, techniques and implementation to produce strong “SCRM plans,” which meet or exceed acquisition demands.
This program will explore:
Co-presenter biographies from Rogers Joseph O'Donnell
Shareholder, Rogers Joseph O'Donnell
Mr. Metzger is a co-author of the 2018 MITRE “Deliver Uncompromised” Report which contributed to present DoD security initiatives including CMMC. Mr. Metzger is a widely published author on a variety of cyber and supply chain security subjects whose views are respected by industry and government alike. As a Special Government Employee, Mr. Metzger served on the Defense Science Board Cyber-Supply Chain study. As a MITRE consultant, he has assisted on several security projects for federal sponsors. Named a 2016 “Federal 100” awardee, Federal Computer Week cited Bob for his “ability to integrate policy, regulation and technology” and said of him: “In 2015, he was at the forefront of the convergence of the supply chain and cybersecurity, and his work continues to influence the strategies of federal entities and companies alike.”
Associate Attorney, Rogers Joseph O'Donnell
Ms. Ross is an attorney in Rogers Joseph O'Donnell’s Washington, D.C. office, specializing in government contracts. Ms. Ross has broad experience with sanctions proceedings against contractors. Before joining Rogers Joseph O’Donnell, Ms. Ross was a legal consultant at the World Bank Office of Suspension and Debarment, where she reviewed cases concerning fraud and corruption on World Bank funded projects. While there, she researched mechanisms for contractor exclusion and launched the Global Suspension and Debarment Survey.
Ms. Ross received her B.A. from George Washington University, graduating summa cum laude and was awarded her J.D. from George Washington University Law School with highest honors. She was a member of The George Washington Law Review, where her student note was published. She served as a student attorney for the International Human Rights Legal Clinic and gained valuable legal experience from internships at the World Bank Financial Market Integrity Unit and the United Nations.
Baker Tilly co-presenters: