Supply chain task force maps out priorities
- By Derek B. Johnson
- Mar 19, 2019
The Department of Homeland Security is laying the groundwork for securing the technology supply chain.
An Information and Communications Technology supply chain task force and its working groups will create an inventory of current supply chain activities taking place across the federal government and industry so it can deliver informed recommendations on:
- Improving bi-directional threat information sharing between the government and private sector.
- Developing criteria for evaluating when threats should lead to risk-based decision frameworks.
- Building qualified bidder and manufacturer lists.
- Setting up procurement rules around original equipment manufacturers and authorized resellers.
The recommendations expected this summer will help guide reforms to federal and industry acquisition practices, Bob Kolasky, director of the National Risk Management Center and co-chair of the supply chain task force, said in a March 16 interview with Government Matters.
Kolasky said a key metric to judge the group's success will be "did this fundamentally change the nature of how risks are being managed in the supply chain?"
"I want to come back years from now and say these recommendations made a difference in supply chain risk management," Kolasky said. "Do [they] make sense? Are they accepted in the policy process where they're linked to policies? Are businesses starting to do things? is it going to lead to building a more robust information repository?"
The task force will also need to figure out how best to work alongside another cross-agency body, the Federal Acquisition Security Council, which will also focus on supply chain security. The council was established through legislation passed by Congress late last year and is charged with a similar, overlapping mission, helping to steer development of National Institute of Standards and Technology guidance, crafting information sharing protocols and diving into federal procurement law.
On March 18, DHS released its fiscal year 2020 budget request that included $68 million and 169 employees for the National Risk Management Center, which houses the task force. The budget would realign $18.4 million and 35 employees from the Cybersecurity and Infrastructure Security Agency to the center to support a range of activities, including work on the supply chain.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.