Federal supply chain efforts look to work together
A supply chain security task force at DHS is working to align its efforts with OMB's Federal Acquisition Security Council.
Two separate federal supply chain security efforts with overlapping mandates are figuring out how to work together.
The Information and Communications Technology Supply Chain Task Force, a public-private effort based at the Department of Homeland Security, is working to coordinate its efforts with the Office of Management and Budget's Federal Acquisition Security Council, according to ICT task force Co-Chair Bob Kolasky.
The newly formed Federal Acquisition Security Council's first meeting is next week, he said.
Kolasky, who is also director of the National Risk Management Center at DHS, briefed reporters on supply chain efforts on April 24, along with co-chairs Robert Mayer, senior vice president for cybersecurity at USTelecom, and John Miller, vice president for policy and law at ITI.
The ICT Supply Chain Task Force, which was stood up last fall by DHS under the NRMC, is made up of 60 government and industry partners. In December, Congress passed the Secure Technology Act, which created the Federal Acquisition Supply Chain Security Council to build greater cybersecurity resilience into federal procurement and acquisition rules.
The task force and OMB's Federal Acquisition Security Council were created to get a better handle on vulnerabilities in the technology supply chain. The two efforts will complement, not duplicate, one another, representatives from DHS and the Office of the Director of National Intelligence said at a March 27 event hosted by the Atlantic Council.
In early April, Federal Chief Information Security Officer Grant Schneider questioned whether the U.S. government and suppliers have worked out a successful model to weigh security risks in purchasing and acquisition.
Kolasky and his industry partners said they are hammering out some of those issues in their work. The first analysis of the group's work streams is still on track for release this summer, Kolasky said.
The streams include improving bi-directional threat information sharing between the government and private sector, developing criteria for evaluating when threats should lead to different risk-based decision frameworks, making recommendations on qualified bidder and manufacturer lists and setting up procurement rules around original equipment manufacturers and authorized resellers, Mayer said.
At its formation last fall, DHS said the task force agreed to conduct an analysis of the existing industry and government ecosystem to determine best practices, concentrate on critical gaps and help steer future work stream efforts to priority areas for action. ICT's industry members could share a body of work on best practices and gaps with the group in May, said Mayer.