Supply Chain

NRMC Initiatives

The NRMC incorporated sector expertise to implement initiatives to secure the National Critical Functions (NCF) at the highest risk of an attack or threat, including election security, pipeline cybersecurity, supply chain risks, 5G, and electromagnetic pulse events.

Contact Us

For questions or comments, email NRMC@hq.dhs.gov.

Last Updated Date: March 19, 2020

NRMC Resources

This page provides National Risk Management Center (NRMC) outreach materials, information, and guides. Download and share these NRMC resources to enhance critical infrastructure resiliency.

NRMC

CISA's National Risk Management Center works closely with the critical infrastructure community to identify and analyze the most significant risks to our Nation and strategically manage long-term resiliency and security efforts to “Secure Tomorrow”.

ICT SCRM Task Force: Interim Report

This Interim Report (Report) describes the work of the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)’s Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force (Task Force) over the past year. As described in this Report, the Task Force is a collaborative endeavor between representatives of industry and government designed to investigate and recommend methods to manage ICT supply chain risks. Its agile, mission-focused approach addresses these issues head-on and provides actionable outputs that create tangible results.

CISA’s ICT Supply Chain Risk Management Task Force Approves Recommendations and Interim Report

Release Date: September 13, 2019
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to vote on a set of recommendations and an Interim Report designed to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.
Last Published Date: September 13, 2019

Overview of Risks Introduced by 5G Adoption in the United States

5G is the next generation of wireless networks, building upon existing 4G Long-Term Evolution (LTE) infrastructure and improving the bandwidth, capacity, and reliability of wireless broadband services. It is intended to meet increasing data and communication requirements, including capacity for tens of billions of connected devices that will make up the Internet of Things (IoT), ultra-low latency required for critical near-real time communications, and faster speeds to support emerging technologies. 5G is expected to bring security improvements and a better user experience, but supply chain, deployment, network security, and competition and choice vulnerabilities may affect the security and resilience of 5G networks.

CISA’s ICT Supply Chain Risk Management Task Force Makes Key Acquisition Recommendation

Release Date: June 20, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington, D.C. today to update members on progress towards the development of an initial recommendation to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains. 

Last Published Date: June 20, 2019

Supply Chain Risks for Information and Communication Technology

U.S. critical infrastructure relies on Information and Communications Technology (ICT)—defined by the National Institute of Standards and Technology as “the capture, storage, retrieval, processing, display, representation, presentation, organization, management, security, transfer, and interchange of data and information”—for daily operations and functionality. The Design, Development and Production, Distribution, Acquisition and Deployment, Maintenance, and Disposal phases of the ICT supply chain are susceptible to the malicious or inadvertent introduction of vulnerabilities such as malicious software and hardware; counterfeit components; and poor product designs, manufacturing processes, and maintenance procedures.