Risk Management

Supply chain executives are developing strategies to address disruptions from geopolitical conflicts, such as those in the Strait of Hormuz. Key approaches involve risk assessments, manufacturing flexibility, and partnerships to protect against rising costs and supply shortages.

TeamPCP's release of the SHAI_HULUD malware source code raises alarm bells for procurement professionals. The incident highlights the urgent need for enhanced security measures in CI/CD pipelines and software development environments across government agencies and contractors.

The USDA's Farm Service Agency and the University of Nebraska-Lincoln will host a webinar on January 30, 2025, to educate commodity crop producers about the Agriculture Risk Coverage (ARC) and Price Loss Coverage (PLC) programs. The event aims to enhance understanding and participation, reflecting ongoing federal investment in agricultural revenue risk management.

The global cybersecurity consulting market is expected to reach **$119.1 billion** by **2034**, largely due to increasing regulatory requirements and evolving cyber threats. Federal agencies like **CISA**, **DHS**, and **NIST** will likely intensify procurement of compliance and risk management consulting services, opening significant avenues for leading contractors in the field.

The Australian Securities and Investments Commission (ASIC) has urged organizations, including government contractors, to improve their cybersecurity measures due to escalating AI-driven cyber threats. This could indicate increased scrutiny and compliance needs for contractors and market participants, necessitating robust defenses against evolving cyber risks.

The National Institute of Standards and Technology (NIST) has released a draft update to its Positioning, Navigation, and Timing (PNT) cybersecurity profile to align with the revised Cybersecurity Framework 2.0. This revision addresses emerging threats in GPS reliability, AI risks, and supply chain vulnerabilities, urging federal agencies and contractors to adapt their cybersecurity measures accordingly.

Failure to secure an Authority to Operate (ATO) threatens government contract continuity and workforce stability. Understanding the risks involved with the Assessment and Authorization (A&A) process is essential for procurement professionals to safeguard their contracts against disruptions.

Government agencies are shifting their cybersecurity focus to include behavioral science, recognizing its importance in mitigating human risks. Procurement professionals are urged to seek solutions that foster a trust-based culture, moving beyond traditional compliance. This strategic change may alter requirements and evaluation criteria in upcoming contracts.

The Cybersecurity and Infrastructure Security Agency has mandated federal agencies to address a critical vulnerability in Ivanti's Endpoint Manager Mobile by May 10, 2026. This requirement underscores the importance of cybersecurity measures and may impact procurement strategies for related technologies.

Cyber insurance providers are raising identity verification standards significantly. Renewals now require detailed metrics, influencing premium costs and underscoring the need for improved cybersecurity practices among government contractors.

The Vulnerability Garden initiative has unveiled a centralized catalog detailing named cybersecurity vulnerabilities, aiding agencies in risk assessments. This resource allows contractors to align their solutions with identified threats, improving acquisition strategies.

The Bleeding Llama attack has compromised a video game platform, exposing vulnerabilities in software supply chains. This incident underscores the urgent need for enhanced cybersecurity measures within government procurement processes and could influence future contract requirements for vendors. Organizations are encouraged to revise their risk assessments and improve their monitoring strategies.

The **Oklahoma County Jail Trust** has finalized a **$7 million** settlement concerning the 2021 death of inmate Brad Leon Lane, with costs being split between insurance and increased property taxes. This decision will significantly influence future procurement strategies within detention center operations, focusing on improved risk management and vendor oversight.

Maryland has terminated its Phase 2 contract with Kiewit for the Francis Scott Key Bridge, citing excessive cost proposals. This creates new opportunities for contractors while reshaping the landscape of the state’s $5 billion infrastructure undertaking, emphasizing the critical need for competitive pricing amid federal-state collaboration.

The NIST's National Cybersecurity Center of Excellence has launched a critical cybersecurity initiative focusing on operational technology (OT). This project aims to address visibility challenges in OT environments, creating significant procurement implications for vendors offering cybersecurity solutions tailored for critical infrastructure.

Cybersecurity firms are adapting their penetration testing sales strategies due to low buyer awareness. Procurement professionals need to shift their timing and approaches, prioritizing educational outreach to increase demand and engagement with potential clients.

The Supreme Court has revived a lawsuit against Fluor Corp. regarding negligent supervision during an Afghanistan incident. This ruling highlights increased legal risks for defense contractors, prompting them to reassess contract terms, risk management strategies, and liability exposure in military operations.

The demand for professionals with Information System Security Officer (ISSO) experience is rising as they transition into critical cybersecurity roles such as governance and compliance management. Agencies and contractors can harness this trend to enhance their security posture and meet compliance requirements through strategic hiring and training initiatives.