National Protection and Programs Directorate
Washington – The U.S. Department of Homeland Security (DHS) announced today the formation and chartering of the nation’s first Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, a public-private partnership to examine and develop consensus recommendations to identify and manage risk to the global ICT supply chain.
The cyber threat presented by foreign adversaries, hackers, and criminals presents significant new risk to government and industry. Their contractors, sub-contractors, and suppliers at all tiers of the supply chain are under constant attack, targeted by increasingly sophisticated and well-funded adversaries seeking to steal, compromise, alter or destroy sensitive information. In some cases, advanced threat actors target businesses deep in the ICT supply chain to gain a foothold and then swim upstream to gain access to sensitive information and intellectual property.
“Threats to the nation’s IT and communications supply chain can severely impact our national security and nearly every facet of our economy” said National Protection and Programs Directorate Under Secretary Christopher Krebs. “The nature of supply chain threats, because they can encompass a product’s entire life cycle and often involve hardware, make them particularly challenging to defend against. Government and industry have a shared interest and thus a shared responsibility in identifying and mitigating these threats in partnership. The Task Force will seek holistic solutions across a broad set of stakeholders to develop near-and long-term strategies to address supply chain risks.”
“DHS and its leadership have a deep-rooted understanding of the challenges presented by supply chain risks and the resolve to lead an effective approach to drive real progress,” said Robert Mayer, Senior Vice President for Cybersecurity at US Telecom and co-chair of the task force. “The ICT Supply Chain Risk Management Task Force embodies the type of cross-sector, whole-of-government engagement that is critical to protecting our global, digital economy. The Communications sector welcomes this collaborative opportunity to identify practical, efficient, and forward-looking strategies and solutions to mitigate supply chain risks.”
"The Department of Homeland Security and the ICT sector understand that fostering resilient global supply chains is a critical priority," said John Miller, Vice President for Policy and Law at ITI and co-chair of the task force. "The ICT Supply Chain Risk Management Task Force presents a unique opportunity for industry and government to collaborate to comprehensively assess and proactively address the global supply chain risks facing companies and their customers alike. We thank DHS for its leadership on these important issues and we look forward to working with the Department and other stakeholders.”
The Task Force is the latest manifestation of the Department’s collective defense approach to cybersecurity risk management, bringing together industry and government to identify challenges and devise workable solutions.
The Task Force is a key component of the DHS National Protection and Programs Directorate’s (NPPD) Cyber Supply Chain Risk Management (C-SCRM) Program. The C-SCRM Program leads national efforts to address risks to ICT product and service supply chains by developing and deploying supply chain risk management capabilities for Federal Civilian Executive Branch agencies, private sector critical infrastructure owners and operators, and state, local, tribal, and territorial governments. The Task Force, sponsored by the DHS National Risk Management Center, is the main private sector point of entry for the C-SCRM Program and is jointly chaired by DHS and the chairs of the Information Technology (IT) and Communications Sector Coordinating Councils.
Task Force membership will include representatives from an impressive roster of companies across the IT and Communications Sectors. The Task Force will first meet as a group in the coming weeks. Following that meeting, initial work streams and a formal membership list will be announced.