Topic: Supply Chain Security: Supplier/Contractor Relationships In Negotiated Contracts
Over the past 5 years, the world has seen unprecedented interest in, and allocation of resources toward, Cyber Security in both the public and private sectors. The Supply-Chain has been stressed to its very limits, and Third-Party relationships have been similarly stressed, with the “trust but verify-verify-verify” protocol meaning more today than ever before. Pre- and Post-Covid, our relationships with our Business partners have taken on never-before-seen uncertainty in supply categories for security, reliability, and visibility, as to who is providing what and how secure it will be upon arrival. At the heart of these Business partner relationships are Contracts … and provisions within Contracts which stipulate 1) information and product security requirements; 2) adherence to Cyber Security Frameworks (CSFs); and 3) the providing of evidence (proof) which demonstrates the “Cyber Maturity” of a counterparty. During the December 14th, 2022 presentation to ISSA-Md, the Information Systems Security discussion will center on Standard Cyber Security Contract Provisions which have been dictated by Risk Analysis Tenets and overlapping Cyber Security Frameworks (such as NIST, ISO, COBIT, etc.) as well as legal requirements in the FAR, the DFARS, and CMMC 2.0, which will affect U.S. Government contractors and private sector stakeholders.
Speaker: Todd Hinson – Constellation Energy
Mr. Todd Hinson is a Cybersecurity Contracts Principal with Constellation Energy in Baltimore, Maryland.
Todd began his career in the U.S. Army Intelligence Corps as part of Electronic Warfare Operations in Europe before becoming a U.S. Government Contractor with Contel and GTE, serving at the Pentagon-JCS, NSA-HQ, DIA-HQ, and in South Korea with the Korean Intelligence Support System (KISS). After having taken a sabbatical to raise five children (two sets of twins), Todd returned to U.S. federal service with the DOJ/U.S. Attorney's Office-Baltimore, followed by stints with “Top-10” international Banking and Finance law firms Weil, Gotshal & Manges and Allen & Overy in Washington, D.C. during the fallout from the 2007-2008 Global Financial Crisis. Todd has also served the Office of General Counsel of the American Bankers Association, T. Rowe Price, Exelon Corporation, and currently Constellation Energy.
Todd’s Cybersecurity professional development began with NOC and Data Center operations, then diverted into Law and Banking from a systems resiliency perspective, and has returned to the assurance of Information Confidentiality, Integrity, and Availability (CIA) within Supply-Chain and Third-Party contracts, after having completed his M.S. in Engineering (Cybersecurity Policy & Compliance) from The George Washington University in 2021.