NSTAC goes big-picture on telecom supply chain security

After a year-long inquiry into how to secure information and communications technology (ICT), the National Security Telecommunications Advisory Committee submitted its formal report to the Department of Homeland Security on Sept. 3.

NSTAC's Report to the President on Advancing Resiliency and Fostering Innovation in the ICT Ecosystem is a companion study to the committee's "Cybersecurity Moonshot" effort to secure the nation's critical infrastructure and national security in the face of advancing cyber threats.

The report looked at communications technologies that are key to national security and emergency preparedness. Dave DeWalt, the NSTAC member who oversaw the study, said the idea for a more holistic approach to ICT supply chain security was driven by 5G wireless networks' de facto dependency on foreign manufacturers.

"The dependency on foreign 5G suppliers" focused the issue of protecting the supply chain for communications infrastructure, DeWalt said during the Sept. 3 NSTAC meeting. The report is a "step back" from that ongoing 5G foreign supplier policy discussion, taking a more holistic look at how the federal government and industry can work together to come up with effective, market-based security solutions for technologies such as 5G, artificial intelligence and quantum computing, he said.

Begun last September, the ICT ecosystem report is based on some two dozen briefings with technology companies, critical infrastructure providers, academia and subject matter experts, according to DeWalt.

Key to the effort, he told NSTAC, is a new single senior advisor in the White House who will help connect federal and industry stakeholder supply chain efforts. That advisor, he said, will also set ICT cybersecurity innovation goals and coordinate government policy.

With the NSTAC approval, the group will submit the report to the DHS secretary, who will then hand it on to the president for review, said NSTAC Chairman John Donovan, who is also CEO of AT&T  Communications. In an aside to the committee, Donovan said he is retiring from his position at AT&T, but plans to continue on at NSTAC's leader.

"I look forward to getting the study," Grant Schneider, the National Security Council's senior director for cybersecurity policy, said at the meeting. Schneider said the recommendations in the report are aligned with many of the supply chain initiatives already underway in the federal government.

As a final note, Schneider asked NSTAC to take up a new study on software-defined networks. SDN, he said, could help with some of the challenges emerging as technologies advance. "We don't want to get behind the eight-ball" on the supply chain for those emerging technologies, as happened with 5G technology, he said.

The SDN study, Schneider said, should identify best practices and strategic plans for the technology in federal and commercial critical infrastructure networks as well as cost/benefit analysis of its use.