Federal supply chain efforts look to work together
- By Mark Rockwell
- Apr 24, 2019
Two separate federal supply chain security efforts with overlapping mandates are figuring out how to work together.
The Information and Communications Technology Supply Chain Task Force, a public-private effort based at the Department of Homeland Security, is working to coordinate its efforts with the Office of Management and Budget's Federal Acquisition Security Council, according to ICT task force Co-Chair Bob Kolasky.
The newly formed Federal Acquisition Security Council's first meeting is next week, he said.
Kolasky, who is also director of the National Risk Management Center at DHS, briefed reporters on supply chain efforts on April 24, along with co-chairs Robert Mayer, senior vice president for cybersecurity at USTelecom, and John Miller, vice president for policy and law at ITI.
ICT Supply Chain Task Force, which was stood up last fall by DHS under the NRMC last fall, is made up of 60 government and industry partners. And in December, Congress passed the Secure Technology Act that created the Federal Acquisition Supply Chain Security Council to build greater cybersecurity resilience into federal procurement and acquisition rules.
The task force and OMB's Federal Acquisition Security Council were created to get a better handle on vulnerabilities in the technology supply chain. The two efforts will complement, not duplicate, one another, representatives from DHS and the Office of the Director of National Intelligence said at a March 27 event hosted by the Atlantic Council.
In early April, Federal Chief Information Security Officer Grant Schneider questioned whether the U.S. government and suppliers have worked out a successful model to weigh security risks in purchasing and acquisition.
Kolasky and his industry partners said they are hammering out some of those issues in their work. The first analysis of the group's work streams is still on track for release this summer, Kolasky said.
The streams include improving bi-directional threat information sharing between the government and private sector, developing criteria for evaluating when threats should lead to different risk-based decision frameworks, making recommendations on qualified bidder and manufacturer lists and setting up procurement rules around original equipment manufacturers and authorized resellers, Mayer said.
At its formation last fall, DHS said the task force agreed to conduct an analysis of the existing industry and government ecosystem to determine best practices, concentrate on critical gaps and help steer future work stream efforts to priority areas for action. ICT's industry members could share a body of work on best practices and gaps with the group in May, said Mayer.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.