
Supply chain task force looks to keep 'lemons' out of the federal IT ecosystem


The Department of Homeland Security announced the rollout of its supply chain security task force on Information and Communications Technology Oct. 30. At a Nov. 1 meeting of the Information Security and Privacy Advisory Board, a DHS official provided more details on the group's composition and mission.

The task force will consist of approximately 60 members -- drawn equally from the federal government, the tech sector and the communications sector, according to Emile Monette, a cybersecurity strategist at DHS and co-chair. Monette told FCW after the meeting that "most" of the group's membership has been solidified, but that DHS is planning to provide more specifics in the next few weeks.

An executive committee, roughly half the full task force's size, will meet in mid-November to begin laying out priorities and setting up work streams, such as tweaks to Federal Acquisition Regulation rules requiring the government to purchase certain IT and communications products from the original manufacturer or authorized resellers.

Monette compared the task force's role to that of third-party information brokers like CarMax in auto sales, arming buyers with the data and context about a purchase that can prevent them from buying lemons.

"We have to change the behavior and the culture of buyers who are blindly trusting these actors in the supply chain," Monette said. "We also have to change the behavior and the culture of the technology suppliers."

Monette said there's plenty of "low-hanging fruit" in supply chain security -- initiatives and ideas that have been around for years or decades without sufficient action being taken. However, Monette said the task force would have to rely on a mix of stakeholders in the public and private sector to make an impact on industry practices. Some action items could be tackled through the agency's authority to issue binding operational directives to federal agencies, while others would require congressional or private sector action.

"DHS has certain authorities and things we can affect. For other things we will rely on our other agency partners or OMB or the Hill," he said. "For other things we will, as a government and industry group, make recommendations that we endorse a certain set of practices for the private sector to take up."

Chris Boyer, assistant vice president of AT&T and ISPAB chair, expressed concern over how the task force would be able to develop ideas and recommendations that are broadly applicable for members of the tech and communications sectors while still covering the diversity of products and services covered under its mandate.

"The challenge you have," Boyer said, "is how do you create a structure that determines standards for the entire industry … that on the one hand is inclusive and transparent to all impacted parties but on the other hand is not so large that it becomes unwieldy and remains a usable work product?"

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.
