The strength of a new federal acquisition council on supply-chain security lies in its ability to directly involve classified information in agencies’ decisions to buy products and services, according to a senior White House official.
The new regime contrasts from previous “Whac-A-Mole” approaches that were confined to the unclassified space, Federal Chief Information Officer Grant Schneider said Thursday at the 2019 Security Through Innovation Summit, presented by McAfee. He chairs the nascent interagency Federal Acquisition Security Council, which was established by a law signed by President Donald Trump in December. The law allows classified information to be used to support risk assessments while assuring the intelligence community that data is protected, Schneider added.
“The Binding Operational Directive on Kaspersky was completely through open-source [information],” Schneider said, referring to a 2017 federal order that, due to security concerns, banned civilian agencies from using products made by Moscow-based Kaspersky Lab. “If we had written a Binding Operational Directive on Kaspersky using classified information, we might have done it several years ago.”