DHS supply chain task force tees up plans

A Department of Homeland Security official said a task force focused on securing the technology supply chain from cybersecurity threats is aiming to deliver a series of recommendations this summer to help guide reforms to federal and industry acquisition practices

In a March 16 interview with Government Matters, Bob Kolasky, Director of the National Risk Management Center and co-chair of the supply chain task force, said there are currently five working groups dedicated to laying the ground work for five priorities that will tee up larger initiatives down the line.

Those priorities include creating a general inventory of supply chain activities taking place across the federal government, improving bi-directional threat information sharing between the government and private sector, developing criteria for evaluating when threats should lead to different risk-based decision frameworks, making recommendations on qualified bidder and manufacturer lists and how to set up procurement rules around original equipment manufacturers and authorized resellers.

The task force, chaired by DHS and populated with representatives from industry, the contracting community other executive branch agencies and subject matter experts, met for the first time last week.

Kolasky said a key metric to judge the group's success is "did this fundamentally change the nature of how risks are being managed in the supply chain?"

"I want to come back years from now and say these recommendations made a difference in supply chain risk management," Kolasky said. "Do [they] make sense? Are they accepted in the policy process where they're linked to policies? Are businesses starting to do things? is it going to lead to building a more robust information repository?"

The task force will also need to figure out how best to work alongside another cross-agency body, the Federal Acquisition Security Council, that will also focus on supply chain security. The council was established through legislation passed by Congress late last year and is charged with a similar, overlapping mission, helping to steer development of National Institute of Standards and Technology guidance, crafting information sharing protocols and diving into federal procurement law.

On Mar. 18, DHS released a budget request for fiscal year 2020 that included $68 million and 169 employees for the National Risk Management Center, which houses the task force. The budget would realign $18.4 million and 35 employees from the Cybersecurity and Infrastructure Security Agency to the center to support a range of activities, including work on the supply chain.