The Cybersecurity and Infrastructure Security Agency (CISA) announced a six-month extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force. 

The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.

In December of last year, the Task Force released its Year 2 Report, which built off previous work completed in year one. It showcased the collective ongoing efforts of five working groups within the Task Force to address challenges to information sharing, threat analysis, qualified bidder and qualified manufacturer lists, vendor attestation, and impacts from COVID-19 on supply chains. 

The extension of the Task Force will allow working groups to continue their work as outlined in the Year 2 Report, to include the release of specific reports, including the latest Working Group 2 Threat Scenarios Report, as well as other upcoming working group products. It will also ensure both government and industry members can continue to collaborate on other ongoing public-private engagement efforts around supply chain and support the Federal Acquisition Security Council (FASC). 

“The work of the Task Force over the past two years has been invaluable to the critical infrastructure community,” said Bob Kolasky, CISA Assistant Director and Task Force Co-Chair. “Extending the charter for six additional months ensures the Task Force has the support and flexibility needed to function as a high-leverage, public-private partnership able to work beyond the normal governmental processes to address unique challenges impacting global ICT supply chains.” 

“As supply chain attacks on our global ICT infrastructure become more frequent, aggressive – and increasingly consequential – now is the time for our Task Force to double down on its critical work,” said Robert Mayer, Senior Vice President, Cybersecurity and Innovation, and Task Force Co-Chair. “Over the last two years, we’ve engaged a dozen government agencies and IT and communications stakeholders to make the global supply chain less vulnerable to a broad spectrum of supply chain attacks. This is where industry works side-by-side with our government partners on pressing priorities, and I’m glad this important partnership has been extended.”

“As threats to the global ICT supply chain become increasingly complex and pervasive, solutions that leverage public and private expertise are essential. In two years, we have established the ICT Supply Chain Risk Management Task Force as the preeminent public-private partnership tackling supply chain risk, driving forward actionable solutions on thorny issues including supply chain threat information sharing to vendor assurance,” said John Miller, ITI Vice President of Policy and Senior Counsel and Co-Chair of the Task Force. “We welcome the Task Force’s extension and look forward to continuing our important work to address our shared supply chain risk management challenges.”  

Over the next six months, through July 2021, the Task Force will continue to explore means for building partnerships with international partners, new sectors, and stakeholders who can help grow the applicability and utilization of Task Force. With the interconnectedness between the sectors and the scale of supply chain risks faced by both government and industry, private-public coordination is essential to enhance ICT supply chain resilience.