The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington, D.C. today to update members on progress towards the development of an initial recommendation to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.
At the meeting, the Task Force unanimously approved a recommendation from one of its working groups for a proposed federal acquisition rule aimed to prevent counterfeit ICT from being procured by incentivizing ICT purchase from original equipment manufacturers and authorized resellers only. The Task Force also discussed best mechanisms for providing input into the recently launched Federal Acquisition Security Council and its role in assisting in DHS’ analytical requirements laid out in the May 15th Executive Order on Securing the Information and Communications Technology and Services Supply Chain.
“Today’s meeting of the full Task Force was a timely opportunity for the ICT community across government and industry to come together to discuss progress being made at reducing risk to the Nation’s ICT supply chains, via enhanced information sharing, better understanding of risks and targeted efforts on the Federal and industry side to elevate the level of trust in critical supply chains” said Director of CISA’s National Risk Management Center, Bob Kolasky. “The National Risk Management Center is committed to this, and similar, public-private initiatives to address the most pressing risks facing the Nation’s infrastructure.”
The Task Force, which is currently made up of 40 prominent organizations in the IT and Communications Sectors and 20 federal partners from across the interagency, agreed as part of next steps to begin involving supply chain subject matter experts from outside of the IT and Communications industry; as supply chain threats often cut across many sectors.
“The opportunity to collaborate with experts representing multiple government agencies and Industry segments is, itself, a significant Task Force accomplishment,” said Robert Mayer, Senior Vice President of Cybersecurity at USTelecom and Co-Chair of the Task Force. “The quality work being produced by the working groups reflects a highly effective public private partnership.”
“The ICT Supply Chain Risk Management Task Force continues to prove both the necessity and value of public-private collaboration in tackling shared challenges to managing risks to global ICT supply chains,” said John Miller, Vice President of Policy and Senior Counsel at the Information Technology Industry Council and Co-Chair of the Task Force. “The task force has emerged as a focal point for driving government-industry teamwork and as a mechanism for providing invaluable private sector expertise to DHS and other federal government stakeholders. DHS should be commended for its foresight in standing up the task force, and industry participants from the IT and communications sectors should be lauded for their tireless work in a voluntary capacity to make the task force a success”.
Since its chartering in late 2018, the Task Force has hit the ground running as the center of gravity for public-private supply chain risk management activity. Earlier this year, the Task Force launched a set of working groups to drive initial activity. The Task Force continues to make progress towards releasing a public summary of its recommendations by the end of summer.