Speaking at the Department of Homeland Security’s (DHS) inaugural National Cybersecurity Summit, Christopher Krebs, under secretary for DHS’ National Protection and Programs Directorate, announced formation of the Information Communications Technology Supply Chain Task Force.
The taskforce will be a part of the newly created National Risk Management Center, which will launch later this week alongside the task force. The National Risk Management Center, announced today by DHS Secretary Kirstjen Nielsen, will provide a first response outlet for private sector critical infrastructure companies that are targeted by cyberattacks.
“One of the core elements of the National Risk Management Center is bringing industry and government together to identify integrated solutions to solve identified problems,” Krebs explained during a panel session on supply chains.
Protecting Federal supply chains has been top of mind for many in the Federal sector–especially with increasing threats from foreign adversaries such as Russia and China. In addition to DHS rolling out its own initiatives, Congress is stepping in to protect supply chains. Last Tuesday, the House Homeland Security Committee approved the Securing the Homeland Security Supply Chain Act (HR 6430), which would authorize the Homeland Security Secretary to take a variety of actions to curb supply chain risk including actions to exclude certain contractors in order to address “urgent national security interest.” The bill is currently awaiting consideration by the full House.
After announcing the taskforce, Krebs turned to his panel of experts and asked them what the taskforce should focus on in its first 90 days. Panelists, including Mark McLaughlin, former chairman and CEO of Palo Alto Networks; John Donovan, CEO of AT&T Communications; and Rob Joyce, senior advisor for cybersecurity strategy to the director of the National Security Agency, stressed the importance of quickly defining success and determining practical and achievable steps the task force can take.
“If we’re trying to solve supply chain integrity, what would we mean by that in a world that’s increasingly interconnected and guaranteed will be even more so in five years.” McLaughlin asked. “I hope [the definition of success] is very ambitious by the way.”
Krebs said that the taskforce will be focused on developing “playbooks” for what an operational response environment should look like. Joyce said that developing strong operational plans begins with collaboration.
“My advice is we start with some exercises, because that’s going to be everyone bringing together their SOPs and the understanding of the way we thought it was supposed to work,” Joyce explained. “We’ll find out where the gears align and where the gears don’t align. It’ll be important that we just get together and try some stuff.”
Industry groups are already expressing their support for the new task force–as well as the larger National Risk Management Center.
“DHS’s announcement of a National Risk Management Initiative and a task force on supply chain security will help advance improving security across the Internet ecosystem,” said BSA | The Software Alliance in a statement. “Software has a critical role to play in risk management and supply chain security. Addressing software cybersecurity is critical to the success of broader efforts to improve risk management and strengthen supply chain security.”
