2026-03-05

The vulnerability of supply chains to cyber threats is rising and can cause financial, operational and reputational damage to an organization, warned ECS’ Keith McCloskey, vice president and chief technology officer of national security and civilian, and Charles Walker, senior solutions architect of cyber operations.

In a new article posted on the ECS website, the executives highlighted the need for organizations to establish an effective cyber supply chain risk management, or C-SCRM, strategy and provided four steps to strengthen their security.

What Steps Do Organizations Need to Take to Strengthen Supply Chain Cybersecurity?

According to McCloskey and Walker, organizations should treat cybersecurity supply chain risk management as a cross-functional responsibility involving leadership, cybersecurity, procurement, legal and mission teams rather than a siloed technical task.

The executives also recommended building and maintaining a Software Bill of Materials to identify suppliers, assess their mission impact and prioritize oversight of vendors that pose the highest risk.

Additionally, the article emphasized the integration of supply chain risk and cybersecurity requirements early in the procurement process. Doing so would enable organizations to set clear expectations for vendors and avoid costly security gaps later.

Finally, organizations should continuously monitor suppliers and reassess risk over time to detect emerging vulnerabilities.

What Cyberthreats Do Supply Chains Face?

ECS also discussed the rising threats to supply chains in its 2025 Cybersecurity Report published in September. In the report, the company raised concerns over government and industry reliance on software-as-a-service and cloud services, which leaves organizations with little visibility into or control over the supply chain.

The company warned that state-sponsored cyber campaigns are targeting not just critical infrastructure but also supply chains. ECS also noted in the report that hackers can disguise malware as trusted software.