The increase in digitization and use of information and communications technology (ICT) has improved ability of many companies to provide National Critical Functions. ICT enables access to real-time information, remote entry to networks, instant communication, and so much more. At the same time, nation-states seeking to cause harm to the United States (i.e., espionage or stealing information) have thousands of companies and entry points to choose from. The government buys ICT from private industry, and while many of those companies know their direct suppliers, they may not know who their suppliers’ suppliers are. For an adversary, targeting those second- or third-tier supplies represents a way to target the government as well as other critical functions.
In a world of shared risks, securing the global ICT supply chain requires an ongoing, unified effort between government and industry. In response, the ICT Supply Chain Risk Management Task Force, a public-private partnership for enhancing supply chain resilience, has developed two new resources: 1) to address liability challenges on sharing supply chain threat information and, 2) to assist small and medium-sized businesses (SMBs) with mitigating ICT supply chain risks.
Source: U.S. Cybersecurity and Infrastructure Security Agency