The Cybersecurity and Infrastructure Security Agency (CISA) has announced the renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force for a two-year period.
Chaired by CISA’s National Risk Management Center (NRMC) and Sector Coordinating Councils, this public-private partnership aims to identify and address challenges related to managing risks in the global ICT supply chain.
Over the past two years, the Task Force has produced valuable resources and tools, such as the Small and Medium-Sized Businesses (SMB) Resource Handbook and the Hardware Bill of Materials (HBOM) Framework, to mitigate supply chain risks.
In 2023, the Task Force released three key products, including the SMB Resource Handbook, which provides critical information and resources for SMBs to mitigate supply chain risks effectively. Additionally, the Empowering Small and Medium-Sized Businesses Resource Guide offers actionable tools for developing supply chain risk management plans, while the HBOM Framework provides organizations with a baseline for building their own HBOM.
These initiatives underscore the Task Force’s commitment to enhancing supply chain resilience and addressing evolving threats. The renewal of the Task Force’s charter reflects the ongoing need for collaborative efforts in addressing supply chain risks, particularly in the face of increasingly sophisticated threats.
By leveraging public and private sector expertise, the Task Force aims to develop actionable solutions to mitigate risks and enhance resilience in the ICT supply chain. Moving forward, the Task Force will continue its important work, including the establishment of an Artificial Intelligence (AI) Working Group to address AI-related supply chain risks.
Through partnerships with stakeholders and ongoing collaboration between government and industry members, the Task Force seeks to expand the applicability and utilization of its products, tools, and resources.
With the interconnectedness between sectors and the scale of supply chain risks faced by both government and industry, private-public coordination remains essential to bolstering ICT supply chain resilience and safeguarding critical infrastructure.
Reference:
