UMD Smith business school to take on cybersecurity risk project

The Supply Chain Management Center at the University of Maryland’s Robert H. Smith School of Business will be part of a unique risk assessment project to assess the safety and effectiveness of supply chain practices.

The project, which is the first of its kind, will focus on “ascertaining the effectiveness of information security and cyber supply chain best practices” and look to aid companies with their cyber risk assessment, according to a news release.

“We’re taking this instrument, this portal set of assessments we developed and using it to ask a basic question – does the assessment profile and specific set of actions that you do … relate to future profile breaches?” said Sandor Boyson, a professor at the Smith school and co-director of the Supply Chain Management Center. The team isn’t just looking at breaches alone, either, he said, but looking at them “as consequences of how you manage IT cybersecurity.”

Supply chain, or the flow of raw materials, products and services from origin to consumption, can get bugs or run into problems just like software and computers can. Cyber security in supply chain focuses on the management of information technology systems to prevent cybersecurity threats like viruses, malware and network vulnerabilities. In the supply chain, companies and businesses are only as strong as their weakest link, according to the InfoSec Institute. Cybersecurity problems affect all parts of the chain, so cybersecurity management is crucial.

The project is unique in its size and scope, Boyson said. The school of business will be working with the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology (NIST) along with insurance companies like Zurich Insurance and Beecher Carlson and the General Services Administration.

“Collectively I think [the companies involved] all share interest in the same set of questions – how do you relate what a company does to its outcomes in terms of cyber security,” Boyson said. Before this project, he said, there hadn’t really been an attempt to analyze cybersecurity risk and how a company’s actions affect that.

“Assessing cybersecurity and supply chain risk management is becoming more critical for companies and the nation’s overall cyber health, according to Brian Barrios, program manager for the National Cybersecurity FFRDC at MITRE. “It is critical to be able to have an appropriate level of trust in our ability to procure and acquire technology,” he said in a press release.

The National Cybersecurity Center of Excellence, part of the National Institute of Standards and Technology, works to address cybersecurity problems for businesses. The Supply Chain Management Center at the Robert H. Smith School of Business conducts research on supply chain management and creates programs for business students.