CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force
WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced a two-year renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force. The Task Force, chaired by CISA’s National Risk Management Center (NRMC) and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private sector organizations charged with identifying challenges and devising realistic, actionable, and risk-based recommendations and solutions for managing risks to the global ICT supply chain.
Over the last two years, the Task Force’s working groups have diligently and collaboratively produced valuable products, resources, and tools that help mitigate risks to the ICT supply chain. “The work of the Task Force has been invaluable in mitigating supply chain risks within the ICT supply chain. Renewing the charter ensures that the Task Force can continue to apply its subject matter expertise in identifying solutions and mitigations to the significant ICT supply chain risks and threats facing our Nation,” said Assistant Director of NRMC and ICT Task Force Co-Chair Mona Harrington. “The Task Force has tackled many tough supply chain issues facing the ICT community and has developed a variety of products such as a Hardware Bill of Materials Framework and risk management guides for small and medium-sized businesses.”
In 2023, the Task Force released three products including:
- Small and Medium-Sized Businesses (SMB) Resource Handbook. This Handbook provides an overview of the most critical supply chain risk categories commonly faced by ICT SMBs and provides resources that can assist SMBs mitigate against these risks.
- Empowering Small and Medium-Sized Businesses Resource Guide. This Guide offers businesses the tools to develop an actionable supply chain risk management plan to mitigate the risk of disruption to their supply chain, enhance supply chain resilience, and satisfy requests from stakeholder procurement processes.
- Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management. This product provides a baseline Framework for organizations to consider when building their own HBOM. The Framework includes a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance of what HBOM information is appropriate depending on the purpose for which the HBOM will be used.
“As threats to the global ICT supply chain have become increasingly sophisticated and pervasive, solutions that leverage public and private expertise are critical. The Task Force was established several years ago as the preeminent public-private partnership for developing actionable tools to address our most pressing supply chain issues,” said ITI Vice President of Policy and Senior Counsel and IT Sector Co-Chair of the Task Force John Miller. “To that end, the Task Force recently stood up an Artificial Intelligence Working Group to identify AI related supply chain risks and mitigations. We welcome the renewal of the Task Force charter and continuing our important work to address our shared supply chain risk management challenges.”
“Supply chain attacks on our global ICT infrastructure have become more frequent, aggressive, and increasingly consequential. Throughout the last several years, the critical work that the Task Force developed has provided profound support for our public and private sector stakeholders in terms of mitigating supply chain risks,” said US Telecom Senior Vice President, Cybersecurity and Innovation, and Communications Sector Task Force Co-Chair Robert Mayer.
The renewal of the Task Force will allow working groups to continue the development of valuable products such as the Software Assurance Buyers Guide and continue work related to the newly formed Artificial Intelligence (AI) working group. The AI working group seeks to identify beneficial ways in which AI can be used to mitigate threats posed to ICT SCRM processes. Additionally, the Task Force will be hosting its first annual ICT SCRM Task Force Conference. The charter renewal will also ensure that both government and industry members can continue to collaborate on other ongoing public-private engagement efforts around supply chain.
In the next two years, through January 2026, the Task Force will continue to explore means for building and strengthening partnerships with stakeholders who can help grow the applicability and utilization of Task Force products, tools, and resources to better manage risks facing the ICT supply chain. With the interconnectedness between the sectors and the scale of supply chain risks faced by both government and industry, private-public coordination is essential to enhance ICT supply chain resilience.
For more information, please visit: ICT Supply Chain Risk Management Task Force | CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.