Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force


A supply chain is only as strong as its weakest link. The cyber threat from foreign adversaries, hackers, and criminals presents significant and new risks to government and industry. Constant, targeted, and well-funded attacks by malicious actors threaten government and industry alike by way of their contractors, sub-contractors, and suppliers at all tiers of the supply chain. Sophisticated threat actors exploit vulnerabilities deep in the Information and Communications Technology (ICT) supply chain as a beachhead from which they can gain access to sensitive and proprietary information further along the chain.

The Department of Homeland Security’s ICT Supply Chain Risk Management (SCRM) Task Force—the United States’ preeminent public-private supply chain risk management partnership—was established in response to these realities and entrusted with the critical mission of identifying and developing consensus strategies that enhance ICT Supply Chain security.

In addition to assembling an inventory of existing supply chain risk management efforts across government and industry, the Task Force has launched four main work streams:

  • Developing a common framework for the bi-directional sharing of supply chain risk information between government and industry;

  • Identification of processes and criteria for threat-based evaluation of ICT supplies, products, and services;

  • Identification of market segment(s) and evaluation criteria for Qualified Bidder and Manufacturer List(s); and,

  • Producing policy recommendations to incentivize the purchase of ICT from original manufacturers or authorized resellers.

The ICT SCRM Task Force’s participants include 20 federal partners as well as 40 of the largest companies in the Information Technology and Communications sectors. Companies and organizations participating in the Task Force include the following:

Accenture

IT-ISAC

AT&T

Information Technology Industry Council

BSA

Intel

CenturyLink

Interos Solutions

Charter Communications

Microsoft

Cisco Systems

National Association of Broadcasters

Comcast

NCTA

CompTIA

NTT

Cox

Palo Alto Networks

CTIA

Pioneer

CyberRx

Samsung

Cybersecurity Coalition

Sprint

Cyxtera

Synopsys

Dell

Threatsketch

FireEye

TIA

General Dynamics Information Technology

T-Mobile

HP

USTelecom

IBM

Verizon Wireless

Iconectiv

 


SCRM Resources:

Latest News:

Was this document helpful?  Yes  |  Somewhat  |  No