Government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to announce new members and map out the Task Force’s 2022 workplan.
Co-chaired by the Cybersecurity and Infrastructure Security Agency (CISA) and the Information Technology and Communications Sector Coordinating Councils, the Task Force is a public-private partnership focused on identifying and addressing unique challenges impacting global ICT supply chains. The three new governmental partners announced at the meeting includes the Small Business Administration (SBA), National Association of State Procurement Officials, and the National Association of State Chief Information Officers. The new members will help to develop actionable solutions to enhance ICT supply chain resilience.
“Given the risks facing the Nation’s supply chains, particularly around hardware and software, the work of the Task Force remains essential,” said Bob Kolasky, CISA Assistant Director and ICT SCRM Task Force Co-Chair. “One of our goals this year is to expand the utility of the work of the Task Force to a broader audience. As part of that, we are thrilled that representatives of key state organizations and the SBA are joining the Task Force. They will bring a fresh perspective to our work and help connect efforts with a broader community.”
In addition to announcing new members, the Task Force voted to approve the establishment of a new working group for year three. The Hardware Bill of Materials Working Group will focus on identifying appropriate information for the development of a baseline hardware bill of materials template that organizations can use when procuring or deploying ICT products.
The Task Force also voted to continue ongoing efforts for two existing working groups:
- The Small and Medium-Sized Businesses Working Group, which engages the small and medium-sized business community to understand their needs and tailor Task Force products to meet their needs.
- The Product Marketing (formerly Product Use Acceleration) Working Group, which engages with stakeholders to ensure Task Force products provide useful and meaningful information.
In the coming months, the Task Force plans to scope two additional areas of focus to address ICT supply chain risk related to promoting software assurance and the utility of Software Bill of Materials across the ICT community. Other efforts include the expansion of relationships with international partners, new sectors, and stakeholders.
“For more than three years, the Task Force has served as a model for effective industry and government collaboration to identify – and mitigate – the very specific supply chain challenges facing global ICT companies,” said Robert Mayer, Senior Vice President, Cybersecurity and Innovation, USTelecom and Task Force Co-Chair. “This partnership is more critical than ever. We are focused on bringing together supply chain experts from diverse organizations to enhance resiliency via practical, actionable, and cost-effective solutions for enterprises. In the year ahead, we will identify supply chain activities across multiple departments and agencies to avoid duplication of effort and utilize our collective resources in the most efficient ways possible.”
“The Task Force’s launch in December 2018 proved prescient in identifying the need for government and industry collaboration to achieving the trusted, secure, and reliable global ICT supply chains necessary to protect U.S. national and economic security,” said John Miller, ITI Vice President of Policy and Senior Counsel and Task Force Co-Chair. “The expansion of the Task Force’s participation across the business community and government reinforces the broad resonance of our important work toward a fully comprehensive approach that drives actionable solutions to ICT supply chain security challenges in today’s dynamic environment. We look forward to carrying the Task Force’s critical mission forward in 2022 and beyond and to continuing to address our shared supply chain challenges.”
Since its establishment, the Task Force has proved to be crucial for public-private supply chain risk management activity. In August 2021, it was extended to July 31, 2023 to continue to explore means to build partnerships, develop new resources, and collectively enhance ICT supply chain resilience.
To learn more about ICT supply chain risk management, please visit CISA.gov/ict-scrm-task-force.