Former CISA official Kolasky sees opportunities to align supply chain risk work with cyber framework objectives

The National Institute of Standards and Technology’s interest in incorporating supply chain considerations in the cybersecurity framework makes sense today because of the evolving risk environment, according to former CISA official Bob Kolasky.

“Part of the change is the reality that threat risk vectors that have emerged over the last several years and adversaries are looking at supply chain as a principal area of causing harm,” Kolasky told Inside Cybersecurity. Kolasky played a role in shaping the original cybersecurity framework...