A task force launched by the Department of Homeland Security's cyber security agency that is focused on supply chain risk management for information and communications technology (ICT) began meeting last week and has identified four initial efforts related to information sharing, evaluating technologies for threats, developing qualified lists of bidders and manufacturers, and incentivizing the purchase of technologies from their original manufacturers and authorized sellers.
The public-private ICT Supply Chain Risk Management (SCRM) Task Force "is the main private sector point of entry four our SCRM efforts," Robert Kolasky, director of the DHS National Risk Management Center (NRMC), told a House panel on Tuesday. The NRMC is part of the Cybersecurity and Infrastructure Security Agency (CISA), which launched the task force last summer.
DHS said on Tuesday that the task force will also be a one of the "touch points" for industry and government to come together around the new Federal Acquisition Security Council, which will help the federal government assess national security threats to the supply chain for IT.
"Supply chain threats by their very nature cut across multiple sectors and vulnerability on one device can have ripple effects for the economy and national security," Kolasky said in a statement issued by DHS. "While no one company or agency can tackle the challenge on its own, by working together through this Task Force, government and industry and identify and manage this risk that affects all of us."
The task force is made up of 60 members from government and the private sector, and includes participation from companies such as AT&T [T], Cisco Systems [CSCO], FireEye [FEYE], General Dynamics [GD], IBM [IBM], Palo Alto Networks [PANW], and Verizon Wireless [VZ]. Government agencies on the task force include the Defense Department, DHS, the Departments of Justice and Treasury, the FBI, the Federal Communications Commission, NASA and the Office of the Director of National Intelligence.
DHS announced the NRMC last July in response to an increasing wave of cyber security threats that require a more integrated and cooperative approach to defending against.
Kolasky, testifying before a House Homeland Security Committee hearing on cyber security threats to the surface transportation community, said that the supply chain is globalized and cited a recent threat report from the ODNI that says, "'Our most capable adversaries can access this supply chain at multiple points, establishing advanced, persistent, and multifaceted subversion.'"