By Devin Lynch, Director, Supply-Chain and Technology Security
Since 2019, the Office of the Director of National Intelligence’s National Counterintelligence and Security Center (NCSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense, and other Government and industry partners have identified April as Supply Chain Integrity Month. In so doing, they have issued a call to action to identify and mitigate pervasive threats to U.S. supply chains. This year, ONCD is partnering with NCSC, CISA, DoD, and others to call for greater supply chain security.
This call to action could not be more important—or timely. Earlier this month, the 3CX incident again brought increased public attention to software supply chain hacks, further illustrating the need for greater action. And last month, the Biden-Harris Administration released the National Cybersecurity Strategy (NCS), which advances the nation’s cybersecurity across five pillars: (1) defending critical infrastructure; (2) disrupting and dismantling threat actors; (3) shaping market forces to drive security and resilience; (4) investing in a resilient future; and (5) forging international partnerships to pursue shared goals. Supply chain security provides archways connecting the five pillars of the NCS. For example, we cannot hope to defend critical infrastructure, disrupt threat actors, or forge stronger international partnerships without defensible and resilient supply chains.
The theme for this year’s Supply Chain Integrity Month is “Supply Chain Risk Management (SCRM) – The Recipe for Resilience.” As organizations introduce new or repurposed technology into their operations, they should adopt a comprehensive approach in their recipe for resilience, including: investing in information security and cybersecurity (e.g., staying on top of updates and patches); taking procurement and acquisition seriously; knowing the security of the open-source and third-party software they use; and monitoring the vendors, distributors, and suppliers who make up their supply chain. After all, the weakest link in a supply chain can be a recipe for disaster for everyone involved.
Throughout the month, ONCD and its partner agencies will promote resources, tools, and information designed to help partners and stakeholders integrate supply chain risk management into their overall security posture and to build a national culture of supply chain resilience. You can learn more about CISA’s efforts by visiting their National Supply Chain Integrity Month website and by visiting the NCSC’s Awareness website.