DEFCON CYBER by Rofori Corporation is a software solution based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). DEFCON CYBER™ enables an organization and its supply chain to significantly reduce incident response times and measure the supply chain cybersecurity risk posture through the successful execution of each supply chain organization's cybersecurity risk management strategy. DEFCON CYBER is offered as a cloud service or an application add-on to an existing Microsoft SharePoint enterprise platform.

Supply chains have become the preferred targets of attack with the growing number of incursions initiated by bad actors due to the lack of cyber risk management focus within the supply chain. In the current cybersecurity environment, organizations and their supply chains tend to be reactionary, with limited human response times that are unable to cope with high volume machine-speed incident detection.

DEFCON CYBER representatives recommended its cybersecurity risk management system as a solution to the major challenges expressed at the NIST Cyber Supply Chain Risk Management Workshop held last week. The key challenges of combining cyber and the supply chain into a cohesive strategy include insufficient skills to identify, assess, and manage cyber risk. A significant gap in executing a strategy and improving upon it has been the lack of measuring and scoring supply chain entities in their ability to perform adequate system hygiene and to improve their risk posture, especially for small and medium sized organizations.

DEFCON CYBER is the first software application to incorporate the Framework from a holistic approach by operationalizing the NIST CSF, thus enabling execution of both process and outcome measures, resulting in continuous cybersecurity risk management assessment and score. The Framework lays out a broad approach for organizations of all types and sizes to adopt a risk management approach to cybersecurity protection for their organization and their supply chains.

Many organizations and related supply chains do not have sufficient resources or skills to identify and respond to the rapidly increasing volume of indicators of cybersecurity compromise. Each supply chain organization needs to have the ability to execute a cybersecurity risk management strategy by responding to priority indicators of compromise, and being proactive in finding indicators of compromise. DEFCON CYBER™ operationalizes this risk management oriented approach in cybersecurity programs by linking the organization's actions and response to its prioritized risk management strategy. DEFCON CYBER™ also enables the establishment of a cybersecurity program for organizations lacking a cybersecurity risk management approach.

DEFCON CYBER drives a consistent prioritization and measurement of the supply chain's cybersecurity risk, enabling the outcomes needed to achieve the desired cybersecurity risk posture.