WASHINGTON – Today, global tech trade association ITI published a set of principles to guide the U.S. government as it undertakes its strategic review of supply chains. ITI’s Supply Chain Security: Principles for Strategic Review supports the holistic assessment of the information and communications technology (ICT) supply chain called for by the Biden Administration’s Executive Order on America’s Supply Chains and offers best practices to inform and develop a more coherent, streamlined and strategic approach to supply chain security policy.
“The tech sector shares policymakers’ concerns regarding threats to global ICT supply chains, which implicate not only cybersecurity, national security and economic security policy objectives but also U.S. competitiveness,” said John Miller, ITI’s Senior Vice President of Policy and General Counsel and Co-Chair of the ICT Supply Chain Risk Management Task Force. “As the Biden Administration assesses the ICT supply chain as part of its new EO, we encourage it to also undertake a strategic review of the ICT supply chain security policy landscape more broadly to develop a coherent, streamlined and effective long-term approach to this critical issue. In doing so, the administration should consider how to strengthen supply chain resilience and national security in a coordinated and holistic manner.”
Over the past several years, uncoordinated approaches by the U.S. federal government to ICT supply chain risk management have resulted in a patchwork of overlapping, inconsistent and, in some cases, conflicting measures, including Executive Orders, agency actions, regulations and legislation. Currently, there are upwards of 30 supply chain security measures being contemplated and/or in force, resulting in a confusing supply chain security policy terrain that is increasingly difficult for companies to navigate, and which in many respects has not achieved the intended goal of improved supply chain security and resilience across the U.S. federal enterprise, critical infrastructure, and global private sector ICT supply chains.
To streamline and improve these varied efforts, ITI recommends the U.S. government takes into account the following principles :
- Designate a lead supply chain security risk management agency and empower the National Cyber Director to coordinate these efforts.
- Take a risk-based and evidence-driven approach and facilitate transparency and predictability for private actors to the greatest extent possible.
- Leverage the existing ICT Supply Chain Risk Management Task Force as a focal point for public-private collaboration on supply chain security.
- View supply chain risk management through the lens of trustworthiness, which has many dimensions.
- Ensure bi-directional information-sharing is a key tenet in any supply chain security approach.
- Use measures to advance and protect U.S. national security objectives without putting American competitiveness at risk.