WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington this week and last week as part of the Task Force’s ongoing efforts to identify and develop collaborative solutions to global supply chain risk. In addition to an ongoing inventory effort of existing public and private supply chain efforts, the Task Force is focusing its initial activity on the following work streams:
- Developing a common framework for the bi-directional sharing of supply chain risk information between government and industry.
- Identification of processes and criteria for threat-based evaluation of ICT supplies, products, and services.
- Identification of market segment(s) and evaluation criteria for Qualified Bidder and Manufacturer List(s).
- Producing policy recommendations to incentivize the purchase of ICT from original manufacturers or authorized resellers.
“Supply chain threats by their very nature cut across multiple sectors and a vulnerability on one device can have ripple effects for the economy and national security” said CISA Director of the National Risk Management Center, Bob Kolasky. “While no one company or agency can tackle the challenge on its own, by working together through this Task Force, government and industry can identify and manage this risk that affects all of us.”
The Task Force also intends to act as one of the primary touch points between industry and government for the newly created Federal Acquisition Security Council that was created from legislation enacted into law late in 2018.
The Task Force was initially announced by DHS at its first ever National Cybersecurity Summit. The 60 members of the Task Force include an impressive roster of key supply chain risk management stakeholders from the public and private sectors. Members include:
- Charter Communications
- Cisco Systems
- Cybersecurity Coalition
- General Dynamics Information Technology
- Information Technology Industry Council
- Interos Solutions
- National Association of Broadcasters
- Palo Alto Networks
- Verizon Wireless
- U.S. Department of Commerce
- U.S. Department of Defense
- U.S. Department of Energy
- U.S. Department of Homeland Security (CISA)
- U.S. Department of Homeland Security (Office of the Chief Procurement Officer)
- U.S. Department of Homeland Security (Office of the Chief Information Officer)
- U.S. Department of Justice
- U.S. Department of the Treasury
- Federal Bureau of Investigation
- Federal Communications Commission
- General Services Administration
- National Aeronautics and Space Administration
- National Security Agency
- Office of the Comptroller of the Currency
- U.S. Nuclear Regulatory Commission
- U.S. Office of the Director of National Intelligence
- U.S. Social Security Administration