Effort to Cut Loose Ends in Supply Chain Security

Lately, the US Department of Homeland Security has shown a noticeable rise in interest in supply chain security. A recent example is a press release announcing that it was putting together a supply chain task force. The task force will be responsible for assessing and mitigating threats to the supply chain, specifically threats from other countries. Called the ICT Supply Chain Risk Management Task Force, the group will serve as part of the Supply Chain Risk Management Program (C-SCRM), which is overseen by the DHS National Protection and Programs Directorate (NPPD).

According to thomasnet.com, this force was formed as a preventative, protective measure to ensure that any damage done by security breaches in the ICT supply chain cannot go further than the initial breach. Otherwise, once hackers enter the system, they may be able to “swim upstream” to access sensitive information or cause disruption in the supply chain.

NPPD Under Secretary Christopher Krebs stated in the press release, “Threats to the nation’s IT and communications supply chain can severely impact our national security and nearly every facet of our economy.” DHS hopes that the security measures recommended by the task force will achieve widespread adoption across all industries, making the U.S. supply chain less susceptible to foreign attacks.

In addition to working with industry leaders to assess threats to the supply chain and find effective ways to reduce risk, the task force will also be looking for ways to incentivize enhanced supply chain security. According to axios.com, Cisco has already guaranteed that it will take part in the initiative.

As stated earlier, the task force isn’t the first supply chain-focused initiative rolled out by DHS. Throughout the past year, the department has made it clear that the issue is of utmost importance and that infiltration of the supply chain could lead to disastrous scenarios. This timing is likely a response to the prominent breaches and security threats identified in recent years. For example, DHS took action against Kaspersky Lab amid concerns over the Moscow-based antivirus firm’s vulnerability to Kremlin influence, as well as Fujian Jinhua, a Chinese chip manufacturer, for intellectual property theft.

Part of DHS’s earlier plans to boost cybersecurity measures throughout industry involved writing policy that would prioritize security when choosing government contractors, placing responsibility on companies at the top of the supply chain through strategically written contracts. DHS is also working with lawmakers to write legislation that will make it easier to take action against this type of security threat.