Shoring up supply chain security
- By Sean Lyngaas
- Oct 30, 2015
What: A new report advising governments on how to make their information and communications technology (ICT) supply chains more secure, written by the New America Foundation's Danielle Kriz and published by the Council on Foreign Relations.
Why: Governments that are increasingly reliant on ICT to do business are demanding that vendors get more secure. But some policy proposals for doing so are wrongheaded, Kriz wrote.
Supply chain measures should address clear gaps in policy, work globally, improve the government's ICT procurement practices and boost cyberthreat information sharing with vendors, she said. They should not, however, discriminate against products from a certain country.
The broad nature of the challenge means several U.S. agencies have weighed in on ICT supply chain security, including the Defense Department, the Department of Homeland Security and the Office of Management and Budget.
The report notes a "plethora of worrisome approaches" to securing ICT supply chains that ignored their global nature. For example, in 2013, DOD proposed making vendors use a particular security technology. U.S. laws that require closer scrutiny of ICT products from certain countries are also misguided, Kriz said. The report also faults India and China for protectionist procurement policies.
Kriz argued that country-of-origin requirements hurt ICT security because software development processes can have a greater impact on security than where the product is made.
Verbatim: "Policies mandating certain technologies, standards or practices cannot keep up with threats that evolve constantly and affect each firm uniquely. A check-the-box compliance regime will likely deter firms from responding to risks for fear of violating a regulation, and divert resources from where security is needed and from developing responses to new risks."
Click here to read the full report.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.