Supply chain, Governance, Risk and Compliance

Commerce, DHS want feedback on state of IT and communications supply chain

Share
Commerce Secretary Gina Raimondo speaks during the daily press briefing at the White House on July 22, 2021, in Washington. (Photo by Drew Angerer/Getty Images)

The Biden administration is seeking public input on how policies contained in an executive order issued in February may affect the information and communication technology supply chain.

On Monday, the Bureau of Industry and Security at the Department of Commerce released a notice of request for public comment, asking industry, experts and others to comment on the technological and cybersecurity landscape faced by companies that make up the ICT supply chain. According to the document, the sectors and products in scope of the report will include critical software (as defined by NIST), data center and cloud technology storage, satellite support, mobile devices, end user devices like routers and antennae, hardware used for terrestrial distribution and broadcast or wireless transport.

One the software side, the two departments are “specifically interested in comments related to validation standards of component and software integrity, standards and practices ensuring the availability and integrity of software delivery and maintenance, and security controls during the manufacturing phase of ICT hardware and components,” the notice states.

In some instances, the government is looking for “specific policy recommendations” on ways to foster a more resilient supply chain, such as boosting domestic manufacturing of technological components and supplies or reducing vulnerabilities in the technologies and systems depended upon for timely delivery of goods and products. In others, they ask for “any executive, legislative, regulatory, and policy changes and any other actions to strengthen” manufacturing and other capabilities to produce those goods.

The input will feed into a report the departments of Commerce and Homeland Security are developing on risks affecting critical sectors and subsectors of the information and communications technology industrial base. The report will also look at a broad range of cybersecurity and other risks within the ICT sector, as well as assessing cybersecurity practices and standards designed to prevent the disruption, strain, compromise or elimination of the supply chain from “risks posed by supply chains' reliance on digital products that may be vulnerable to failures or exploitation, and risks resulting from the elimination of, or failure to develop domestically.”

The Biden administration’s executive order called for a broad review and examination of weaknesses and dependencies in the American supply chain, in an effort to better identify and prevent physical or cyber-enabled attacks on critical infrastructure that can significantly disrupt or prevent the flow of goods and services. In addition to the ICT review, the administration also tasked the departments of Defense, Energy, Health and Human Services and Agriculture with developing similar reports for businesses within their sectors.

Those interested in responding have until Nov. 4, 2021, to submit their comments through www.regulations.gov.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.