The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force’s first interim report, which details the groups’ progress since its formation.
The report details the work of the ICT Task Force – composed of Federal and industry leaders – over the past year after it was formed in 2018 with “strategic mandates to provide a forum for the collaboration of private sector owners and operators of ICT critical infrastructure and to provide advice and recommendations to DHS on means for assessing and managing risks associated with the ICT supply chain.”
The Task Force is made up of four Working Groups, each tasked with addressing a specific area of focus, including:
- Information sharing in Working Group 1;
- Threat evaluation in Working Group 2;
- Qualified bidder lists and qualified manufacturer lists in Working Group 3; and
- Policy recommendations to incentivize purchase of ICT from original equipment manufacturers and authorized resellers in Working Group 4.
“What we’ve seen with this Task Force … is we’ve actually taken foundations of the partnership, the foundations of our ability to work together, and we’re starting to work hard together towards specific problems,” Assistant Director for CISA’s National Risk Management Center Bob Kolasky said at the CISA Cybersecurity Summit.
Going forward, Kolasky says that the Task Force will begin to have discussions about the difficulties of small and medium-sized businesses when dealing with risk management and that there’s an education element that goes beyond incentivizing for secure supply chain.