MITRE’s System of Trust risk model manager improves supply chain resiliency


MITRE launched its System of Trust risk model manager and established a community engagement group of 30 members.

Expanding from its free and open platform, System of Trust now delivers a collaborative community to identify and mitigate threats to supply chains—before they happen. Leveraging the expertise of researchers and organizations, the community will further develop the framework’s body of knowledge and enhance supply chain security.

System of Trust, showing key risk areas for suppliers, supplies/components, and services

“As aligned to our whole-of-nation approach, the MITRE System of Trust community brings together not only major chip manufacturers and IT and OT companies but also representation from financial, energy, defense, and telecom industries, as well as from government and industry associations,” said Yosry Barsoum, VP and director, Center for Securing the Homeland, MITRE. “We are helping all parts of the supply chain ecosystem better identify their risks and build their resiliency.”

The community uses evidence-based data to determine where risks to the supply chain are and to assess the impact of those risks across business operations and concerns: financial stability, management, legal and ethics, foreign and competitor influence, service, warehousing, and delivery.

“Identifying supply chain risks that come from supplies, suppliers, service providers, etc., is a complex challenge due to the complex nature of modern supply chains,” said Wen Masters, vice president, cyber technologies, MITRE. “There is a need for a common depiction of the risks and for modeling and managing the risks. We are beginning to address this complex challenge with our System of Trust framework and with the community engagement group.”

The platform will continue to grow as the community grows.

“We’re encouraging organizations to keep identifying their lists of risks and contribute their data about how to measure those risks—and any additional insights—to the MITRE System of Trust body of knowledge,” said Robert Martin, senior principal software and supply chain assurance engineer at MITRE.

One of the new tools developed with the community’s input is the risk model manager. This web application allows organizations to explore the MITRE System of Trust’s body of knowledge and actively tailor it into profiled sub-sets of supply chain risks to address particular assessment needs and answer the associated risk measurement questions.



Source link