Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force

A supply chain is only as strong as its weakest link. The cyber threat from foreign adversaries, hackers, and criminals presents significant and new risks to government and industry. Constant, targeted, and well-funded attacks by malicious actors threaten government and industry alike by way of their contractors, sub-contractors, and suppliers at all tiers of the supply chain. Sophisticated threat actors exploit vulnerabilities deep in the ICT supply chain as a beachhead from which they can gain access to sensitive and proprietary information further along the chain.

The Department of Homeland Security’s Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force—the United States’ preeminent public-private supply chain risk management partnership—was established in response to these realities and entrusted with the critical mission of identifying and developing consensus strategies that enhance ICT Supply Chain security.

In addition to assembling an inventory of existing supply chain risk management efforts across government and industry, the Task Force has launched four main work streams:

  • Developing a common framework for the bi-directional sharing of supply chain risk information between government and industry;
  • Identification of processes and criteria for threat-based evaluation of ICT supplies, products, and services;
  • Identification of market segment(s) and evaluation criteria for Qualified Bidder and Manufacturer List(s); and,
  • Producing policy recommendations to incentivize the purchase of ICT from original manufacturers or authorized resellers.

The ICT SCRM Task Force’s participants include 20 federal partners as well as 40 of the largest companies in the Information Technology and Communications sectors. Companies and organizations participating in the Task Force include the following:

  • Accenture
  • AT&T
  • BSA
  • CenturyLink
  • Charter Communications
  • Cisco Systems
  • Comcast
  • Cox
  • CTIA
  • CyberRx
  • Cybersecurity Coalition
  • Cyxtera
  • Dell
  • FireEye
  • General Dynamics Information Technology
  • HP
  • IBM
  • Iconectiv
  • IT-ISAC
  • Information Technology Industry Council
  • Intel
  • Interos Solutions
  • Microsoft
  • National Association of Broadcasters
  • NCTA
  • NTCA
  • NTT
  • Palo Alto Networks
  • Pioneer
  • Samsung
  • Sprint
  • Synopsys
  • Threatsketch
  • TIA
  • T-Mobile
  • USTelecom
  • Verizon Wireless.

Additional Resources:

Was this document helpful?  Yes  |  Somewhat  |  No