CISA’s ICT Supply Chain Risk Management Task Force Approves Recommendations and Interim Report

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to vote on a set of recommendations and an Interim Report designed to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.

At the meeting, the Task Force approved the recommendations of three of the four constituent Working Groups. Back in June of this year, the Task Force had approved the fourth working group’s recommendation for a proposed federal acquisition rule aimed to prevent counterfeit ICT from being procured by incentivizing ICT purchase from original equipment manufacturers and authorized resellers only.

The recommendations are summarized in an Interim Report, which lays out the work of the ICT SCRM Task Force since its establishment one year ago. The Report details the methodologies, key findings, recommendations, and potential areas for further study identified by each of the working groups, which launched earlier this year to drive initial activity.

“The Interim Report is an important step in the work of the Task Force,” said CISA Assistant Director Bob Kolasky who runs the National Risk Management Center and co-chairs the Task Force. It is intended to provide insight and transparency on the work of the Task Force, serve as a reference document for supply chain professionals, and lay the foundation for a recommended path forward to secure the Nation’s ICT supply chain.  I thank the members of the Task Force for the effort that has gone into our work over the last year.”

“This is a major milestone for the task force and represents a key achievement of the public-private partnership that is essential to protect our supply chain,” Robert Mayer, SVP Cybersecurity at USTelecom and Co-Chair of the Task Force. Our task force has produced a substantive report that will not only increase collaboration across ICT and government, but ultimately get us closer to identifying and reducing the cyber risks that threaten the increasingly intertwined global digital economy.”

“The Task Force was chartered to deliver actionable recommendations to help public and private sector partners better assess and manage risks to the complex global ICT supply chain,” said John Miller, ITI Vice President of Policy and Senior Counsel and Co-Chair of the Task Force.  “This report highlights our progress toward this goal and offers meaningful solutions to our shared global supply chain challenges. We will continue to work together to drive the policy recommendations from this report and future work products.”

The Task Force expects to officially release the Interim Report at CISA’s 2nd Annual National Cybersecurity Summit.



Last Published Date: December 7, 2020