The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released a list of recommendations to fight against the growing array of threats in the government’s tech supply chain. As reported by Nextgov, the DHS’s special Task Force has identified approximately 190 threats across nine groups that include counterfeit parts and insider threats.
What is this Task Force?
The DHS Task Force was formed in 2018 with the aim of providing advice and recommendations to the federal government for assessing and managing risks associated with the ICT supply chain.
The team consisted of four different working groups from different sectors, subject matter experts, and representatives from across the federal government.
The four working groups are:
The nine identified ‘Threat Groups’
During inventory development, these working groups identified nine significant threat groups which correspond to:
Apart from threats, the task force has also outlined some 40 scenarios related to the nine groups. This includes ransomware attacks, contractor compromise challenges, supplier ownership changes, and natural disasters.
These scenarios have been created based on several vulnerabilities such as business impacts, potential business mitigation strategies, and controls.
CISA has not released the complete inventory due to its sensitive nature. However, officials have noted that it includes approximately 190 threats. Federal leaders and ICT companies can use the information to evaluate their security posture and model future threat scenarios.
Going forward, the Task Force intends to develop more actionable strategies that can be implemented by the government and private companies to evaluate supply chain risk from different vendors. Additionally, it plans to set up standardized methods for vendors to improve their supply chain risk management practices.