
Have Regulations Made the US Safer From Software Supply Chain Attacks?
There’s nothing new about supply chain attacks—or regulations designed to protect against them.
In 2008, President George W. Bush established the Comprehensive National Cybersecurity Initiative (CNCI) to protect the U.S. against the economic and national security threat posed by cyberattacks. Later that same year, President Obama ordered a review of federal efforts to protect U.S. information and critical infrastructure and the development of a plan to secure America’s digital future.
In 2009, President Obama accepted the resulting recommendations, publishing a list of 12 initiatives—including one to “Develop a multi-pronged approach for global supply chain risk management.” This document became the first federal attempt to legislate improvements to supply chain security… and it wouldn’t be the last.
Several further attempts have been made to embed supply chain risk management (SCRM) in legislative and best practice cybersecurity frameworks.
The National Institute of Standards and Technology (NIST) began work…
*** This is a Security Bloggers Network syndicated blog from Cimcor Blog authored by Jacqueline von Ogden. Read the original post at: https://www.cimcor.com/blog/is-us-safe-from-software-supply-chain-attacks