A supply chain is only as strong as its weakest link. The cyber threat from foreign adversaries, hackers, and criminals presents significant and new risks to government and industry. Constant, targeted, and well-funded attacks by malicious actors threaten government and industry alike by way of their contractors, sub-contractors, and suppliers at all tiers of the supply chain. Sophisticated threat actors exploit vulnerabilities deep in the Information and Communications Technology (ICT) supply chain as a beachhead from which they can gain access to sensitive and proprietary information further along the chain.
The Department of Homeland Security’s ICT Supply Chain Risk Management (SCRM) Task Force—the United States’ preeminent public-private supply chain risk management partnership—was established in response to these realities and entrusted with the critical mission of identifying and developing consensus strategies that enhance ICT Supply Chain security.
In addition to assembling an inventory of existing supply chain risk management efforts across government and industry, the Task Force has launched four main work streams:
-
Developing a common framework for the bi-directional sharing of supply chain risk information between government and industry;
-
Identification of processes and criteria for threat-based evaluation of ICT supplies, products, and services;
-
Identification of market segment(s) and evaluation criteria for Qualified Bidder and Manufacturer List(s); and,
-
Producing policy recommendations to incentivize the purchase of ICT from original manufacturers or authorized resellers.
The ICT SCRM Task Force’s participants include 20 federal partners as well as 40 of the largest companies in the Information Technology and Communications sectors. Companies and organizations participating in the Task Force include the following:
|
Accenture |
IT-ISAC |
|
AT&T |
Information Technology Industry Council |
|
BSA |
Intel |
|
CenturyLink |
Interos Solutions |
|
Charter Communications |
Microsoft |
|
Cisco Systems |
National Association of Broadcasters |
|
Comcast |
NCTA |
|
CompTIA |
NTT |
|
Cox |
Palo Alto Networks |
|
CTIA |
Pioneer |
|
CyberRx |
Samsung |
|
Cybersecurity Coalition |
Sprint |
|
Cyxtera |
Synopsys |
|
Dell |
Threatsketch |
|
FireEye |
TIA |
|
General Dynamics Information Technology |
T-Mobile |
|
HP |
USTelecom |
|
IBM |
Verizon Wireless |
|
Iconectiv |
|
SCRM Resources:
Latest News:
- Press Release – CISA’s ICT SCRM Task Force Approves Recommendations and Interim Report
- Press Release – CISA’s ICT SCRM Task Force Launched Work Streams
- Press Release – DHS and Private Sector Partners Establish ICT SCRM Task Force
- Press Release - DHS Announces ICT SCRM Task Force Members