A recent report from the Cybersecurity and Infrastructure Security Agency explicitly lists recommendations that can be adopted to fight a wide array of threats to the federal government’s technology supply chain. In addition, various task forces that include industry experts have been created to counter the threats. This follows an executive order issued by the White House that required every telecommunication transaction to be evaluated case by case, using a fact-based approach. The evaluation is meant to determine which transactions should be blocked and which need to be altered. That determination will be based on a framework designed by the Department of Homeland Security and national intelligence agencies.
The federal government, through the White House, requires the Department of Commerce to come up with rules that will increase the screening of supply chains that can be used to infiltrate the US telecom infrastructure, leading to cyberattacks and economic and industrial espionage. These rules were made in response to rising suspicion between the US and China, particularly over Huawei’s 5G equipment making its way into the US. Given the close relationship between Huawei and the Chinese government, its devices may present a threat to infrastructure and trade secrets and can be used for espionage. The federal government is concerned about potential backdoors that can be planted in these devices to allow the Chinese to interfere with critical communication infrastructure or steal massive amounts of data.
Different government agencies are also working together to identify the legal and policy-related barriers that keep the government and the supply chain industry from properly sharing information on supply chain threats. Sharing information about potential risks and bad actors is crucial to keeping the supply chain safe and protecting it from damage. The problem, however, is that information is hard to obtain. Recommendations therefore need to be developed for policies that will lower these barriers to access. Making information available to industry players means that obstacles in processes, operations and finances that limit effective communication can be eliminated.
The feds are also concerned with dozens of other supply chain-related issues currently being faced. These issues include counterfeit parts, economic risks and cyber vulnerabilities. By cataloging these threats, federal leaders can use the information to evaluate the security posture of the nation and determine potential threats in the future. This will support more informed decision-making.
The bottom line in supply chain security is a multi-layered approach to a secure chain of custody, made up of well-defined protocols, an understanding of other regulations around the world, physical security measures, surveillance and thorough vetting. Because of the dynamic nature of the global supply chain, the feds are laying down a strategy focused on ensuring that only devices from trusted sources are installed.