During the third week of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Agency is emphasizing the importance of understanding supply chain threats. As technology evolves, so does the threat environment. Of particular importance is securing information and communications technology (ICT) supply chains.
What exactly is ICT?
Information and Communication Technologies (ICTs) is an extension of Information Technology (IT), which that refers to all communication technologies, including the internet, wireless networks, cell phones, computers, software, middleware, video-conferencing, social networking, and other media applications and services enabling users to access, retrieve, store, transmit, and manipulate information in a digital form.
Organizations depend on ICT for fast communications, data processing and market intelligence. ICT plays a role in every industry, helping organizations to improve business processes, obtain efficiency, drive profit growth and sustain a competitive advantage in the national &
With ICT serving as the bedrock for the nation’s critical infrastructure, their supply chains are valuable targets for adversaries seeking to steal, compromise, alter, or destroy sensitive information being stored in and communicated through ICT.
Recent software compromises and other security incidents have revealed how new and inherent vulnerabilities in global supply chains can have cascading impacts that affect all users of ICT within and across organizations, sectors, and the National Critical Functions. To help organizations understand these threats and how to mitigate them, CISA’s ICT Supply Chain Risk Management (SCRM) Task Force developed the Threat Scenarios Report that provides acquisition and procurement personnel and others with practical, example-based guidance on supplier SCRM threat analysis and evaluation.
Using feedback from end users and stakeholders, the Task Force catalogued the universe of supply chain threats to develop a lexicon compartmentalized into nine categories (i.e., counterfeit parts, economic risks, external end-to-end supply chain risks, etc.). Additionally, they developed sample scenarios with mitigation controls intended to help an organization strengthen its security posture.