Charles Clancy, director of Virginia Tech’s Hume Center for National Security and Technology and a professor of electrical and computer engineering, offered expert testimony Wednesday in Washington, D.C., before the House Energy and Commerce Committee’s Subcommittee on Communications and Technology.
During the Hearing on Telecommunications, Global Competitiveness, and National Security, Clancy spoke on the need for clear understanding and assessment of supply chains for critical infrastructure related to telecommunications equipment.
An internationally-recognized expert in wireless security and an accomplished academician, Clancy shared his perspectives on the major forces that have reshaped the telecommunications industry in the United States and globally and the realities of cyberthreats that exist within supply chain operations.
“Supply chains for telecommunications are complex,” said Clancy during his testimony. “They include development of intellectual property and standards, fabrication of components and chips, assembly and test of devices, development of software and firmware, acquisition, installation, and management of devices in operational networks, and the data and services that operate over those networks. Competing in a global marketplace drives where and how each portion of this supply chain is executed.”
Clancy stated that telecommunications companies need to consider the criticality of each component in their network and the entire supply chain for each product they acquire and provision in their network.
“It is financially impossible to eliminate all risk, but supply chain risk needs to be assessed and quantified before it can be effectively managed,” Clancy said. “The overall trend in cybersecurity away from compliance-based security in favor of risk-based methodologies needs to be extended to supply chain.”
Clancy’s testimony concluded with a recommendation that recurring assessments be performed collaboratively between government and industry that examines each layer of the supply chain, from research and development through operations. He also urged federal government actions to help foster the competitiveness of domestic industry to fill the gap, but with careful consideration given to the impacts on the global marketplace.
As director of Virginia Tech’s Hume Center, Clancy leads a team of more than 75 faculty and staff who engage 400 students annually in research and experiential learning focused in national security and technology. He is also a leading contributor in developing and expanding Virginia Tech's role in cybersecurity research and education, to include development of the CyberX initiative.
In addition to his Hume Center leadership and academic endeavors, Clancy is a primary stakeholder in Virginia Tech’s Integrated Security Destination Area (ISDA), which focuses on understanding and fostering global security through technology and social systems that follow ethical principles and promote values of social justice. ISDA faculty work collaboratively to bring a transdisciplinary approach to the complex range of human and systems security challenges.
Prior to joining Virginia Tech in 2010, Clancy spent seven years working for the U.S. Department of Defense (DOD) in a variety of research, engineering, and operations roles. The majority of his time with the DOD was spent as a researcher with the Laboratory for Telecommunications Sciences, a federal research laboratory at the University of Maryland, where he led government research programs in wireless communications, with an emphasis on software-defined and cognitive radio.