data center security

Supply chain task force maps out priorities

The Department of Homeland Security is laying the groundwork for securing the technology supply chain.

An  Information and Communications Technology supply chain task force and its working groups will create an inventory of current supply chain activities taking place across the federal government and industry so it can deliver informed recommendations on:

  • Improving bi-directional threat information sharing between the government and private sector.
  • Developing criteria for evaluating when threats should lead to risk-based decision frameworks.
  • Building qualified bidder and manufacturer lists.
  • Setting up procurement rules around original equipment manufacturers and authorized resellers.

The recommendations expected this summer will help guide reforms to federal and industry acquisition practices, Bob Kolasky, director of the National Risk Management Center and co-chair of the supply chain task force, said in a March 16 interview with Government Matters.

Kolasky said a key metric to judge the group's success will be "did this fundamentally change the nature of how risks are being managed in the supply chain?"

"I want to come back years from now and say these recommendations made a difference in supply chain risk management," Kolasky said. "Do [they] make sense? Are they accepted in the policy process where they're linked to policies? Are businesses starting to do things? is it going to lead to building a more robust information repository?"

The task force will also need to figure out how best to work alongside another cross-agency body, the Federal Acquisition Security Council, which will also focus on supply chain security. The council was established through legislation passed by Congress late last year and is charged with a similar, overlapping mission, helping to steer development of National Institute of Standards and Technology guidance, crafting information sharing protocols and diving into federal procurement law.

On March 18, DHS released its fiscal year 2020 budget request  that included $68 million and 169 employees for the National Risk Management Center, which houses the task force. The budget would realign $18.4 million and 35 employees from the Cybersecurity and Infrastructure Security Agency to the center to support a range of activities, including work on the supply chain.

This article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected