In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI) and other government and industry partners to promote a call to action for a unified effort by organizations across the country to “Fortify the Chain”. By “The Chain”, we are referring to the information and communications technology (ICT) supply chain, which is vital to our communities for such actions as generating electricity, operating hospitals, and supplying clean water.
The ICT supply chain is a complex, globally interconnected ecosystem that encompasses the entire lifecycle of ICT hardware, software, and managed services and a wide range of entities—including third-party vendors, suppliers, and service providers. From cell phone devices to information-sharing software, government and industry purchase these products and services and use them to power and enable critical infrastructure systems. However, a supply chain is only as strong as its weakest link. For an adversary, targeting third-party vendors and suppliers represents a way to target the government as well as other critical infrastructure.
“In light of the current threat environment, we know that sophisticated cyberattacks can happen at any time to any organization,” said Acting CISA Assistant Director Mona Harrington. “Government and industry must continue to work together to protect our critical infrastructure and the associated supply chains that underpin the very fabric of our nation and economy. At CISA, we are committed to strengthening our partnerships with industry, critical infrastructure owners and operators, to further enhance the security and resilience of the global ICT supply chain.”
In February 2022, the Departments of Homeland Security and Commerce, under the direction of President Biden’s Executive Order on America’s Supply Chains, evaluated the current supply chain conditions for select hardware and software products, identified key risks that threaten to disrupt those supply chains, and proposed a strategy to mitigate risk and strengthen supply chain resiliency.
Throughout the month of April, CISA will promote resources, tools, and information, including those developed by the public-private ICT Supply Chain Risk Management (SCRM) Task Force, to help organizations and agencies integrate SCRM into their overall security posture.
CISA themes for each week include:
- Week 1: Power in Partnership – Fortify The Chain!
- Week 2: No Shortages of Threats – Educate to Mitigate
- Week 3: Question, Confirm, and Trust – Be Supplier Smart
- Week 4: Plan for the Future – Anticipate Change
To learn more about how CISA is enhancing supply chain resilience and to view online resources, visit CISA.gov/supply-chain-integrity-month.