In a move that supports the department’s recently heightened interest in supply chain security, the Department of Homeland Security (DHS) announced in an October 30 press release that it was putting together a supply chain task force. The task force will be responsible for assessing and mitigating threats to the supply chain — specifically, threats from other countries. Called the ICT Supply Chain Risk Management Task Force, the group will serve as part of the Supply Chain Risk Management Program (C-SCRM). C-SCRM is overseen by the DHS National Protection and Programs Directorate (NPPD).
The Goals of the DHS Supply Chain Task Force
In part, this task force was formed as a preventative, protective measure to ensure that any damage done by security breaches in the ICT supply chain cannot go further than the initial breach. Otherwise, once hackers enter the system, they may be able to “swim upstream” to access sensitive information or cause disruption in the supply chain. NPPD Under Secretary Christopher Krebs stated in the press release, “Threats to the nation’s IT and communications supply chain can severely impact our national security and nearly every facet of our economy.”
DHS hopes that the security measures recommended by the task force will achieve widespread adoption across all industries, making the U.S. supply chain less susceptible to foreign attacks.
The task force will be co-chaired by Robert Mayer of USTelecom and John Miller of the Information Technology Industry Council. The first meeting took place on November 15.
In addition to working with industry leaders to assess threats to the supply chain and find effective ways to reduce risk, the task force will also look for ways to incentivize enhanced supply chain security.
Making Supply Chain Security a DHS Priority
The task force isn’t the first supply chain-focused initiative rolled out by DHS. Throughout the past year, the department has made it a point to address the potential for supply chain infiltration and the possible effects of breaches. This timing is likely in response to the prominent breaches and security threats identified in recent years.
For example, DHS took action against Kaspersky Lab amid concerns over the Moscow-based antivirus firm’s vulnerability to Kremlin influence, as well as against Fujian Jinhua, a Chinese chip manufacturer, for intellectual property theft.
Other Efforts to Enhance Supply Chain Security
Part of DHS’s earlier plans to boost cybersecurity measures throughout industry involved writing policy that would prioritize security when choosing government contractors, placing responsibility on companies at the top of the supply chain through strategically written contracts. DHS is also working with lawmakers to write legislation that will make it easier to take action against this type of security threat.
Ultimately, the goal is to gain more “flexibility” from Congress to do what DHS believes is necessary to “defend our country against other nation-states.” Critics say that easier access to company records and systems could be in violation of civil liberties laws as they’re currently written.
DHS also released, for the first time, a redacted version of the economic espionage report that is put together each year to help companies gain insight into the risk of supply chain infiltration and the practical and reputational impacts of breaches. It’s thought that this information will drive acceptance of DHS recommendations and encourage cooperation between companies and the government in finding and enacting solutions to create a more secure supply chain.