Focusing on Tech, CISA Report Provides Guidance on Supply Chain Risks
The new report aims to help critical sectors ensure effective supply chain resilience by focusing on information and communications technology risks.
The pandemic highlighted how just-in-time global supply chains – such as those used by manufacturing, automotive and electronic components – can be shattered.
A year ago, President Biden responded by signing Executive Order 14017 to strengthen the resilience of U.S. supply chains. This included a request for the Department of Commerce (DOC) and the Department of Homeland Security (DHS) to review the industrial base for Information and Communication Technology (ICT) software, data, and services that support supply chains.
Findings and recommendations from the DOC and the DHS were published in February 2022 by the Cybersecurity and Infrastructure Security Agency (CISA).
The 97-page report summarizes conditions facing the ICT industry, including critical risks that could disrupt or threaten supply chains, with strategies to mitigate risk by increasing supply chain visibility and resiliency.
The report’s recommendations include:
- Revitalize U.S. information and communications technology manufacturing
- Increase resilience through secure and transparent supply chains
- Collaboration with international partners to improve supply chain security and resiliency
- Investment in future ICT technologies: Supporting and expanding programs to bring nascent technologies to market and advancing manufacturing technologies
- Strengthening the ICT workforce with programs to attract, educate and train the ICT workforce while enhancing the computer science curricula
- Ensuring sustainability remains a cornerstone of ICT development: Promoting enhanced labor and environmental standards and sustainable ICT facilities
- Continued study of the ICT industrial base, including critical ICT products such as PCBs and microelectronics
What can risk managers do to minimize their supply chain risk?
- Be risk-ready and review your supply chain and all its tiers. There's never been a need to focus on third-party and fourth-party risk management. Map out where your dependencies lie, evaluate different scenarios, and assess the potential impact of supply chain changes. Assess single points of failure and have plans to mitigate any stoppages or breaks in your supply chain.
- Assess where your suppliers, their suppliers, and their dependencies are based. In the current climate, all eyes are on geopolitical happenings. Will your suppliers' suppliers' suppliers be impacted?
- Wherever possible, keep supply chains as short as possible. The shorter the supply chain, the less complex and the greater visibility your organization has of all players.
- Foster a risk-engaged culture. Identifying and mitigating risks doesn't just belong to risk and compliance officers. Have a company-wide focus on risk preparedness and response by applying governance, risk, and compliance (GRC) strategy across your organization.
SAI360 helps midsize and enterprise customers confidently navigate an ever-shifting business landscape with an integrated, agile approach to risk management and business continuity. And when it comes to understanding third- and fourth-party risks, we’re a recognized leader.
Read the full report: Assessment of the Critical Supply Chains Supporting the U.S. ICT Industry (dhs.gov)