Classified supply chain threat reports to critical U.S. telecommunications, energy and financial businesses, will soon be shared by the U.S. National Counterintelligence and Security Center (NCSC), as reported by Matt Hamblen of Computerworld.
NCSC leads the integration of the U.S. government’s counterintelligence and security activities for the common purpose of countering foreign intelligence threats to information and assets critical to the nation’s security.
To raise awareness of increased risk to supply chains due to the evolving dependence on globally sourced commercial information and technologies for mission critical systems and services, the agency released a video last month.
The risks are passed to end users through products and services that may contain defective, counterfeit or otherwise tainted components—such as compromised telecommunications equipment.
“Our adversaries are trying to figure out what U.S. industry—whether telecom or defense—will be doing three years from now,” says Bill Evanina, director of NCSC. "That is why NCSC and the Office of the Direction of National Intelligence are trying to find creative ways to help U.S. industry protect its supply chain and thereby help protect America."
The agency said it will help federal agencies and industry through several other measures, including:
·Providing threat briefings to government partners and eventually to industry;
·Developing a supply chain risk management (SCRM) blueprint for executive branch agencies, which can also apply to any organization that acquires goods and services; and
· Developing a SCRM publicly available online training course that will introduce government partners and interested industry to SCRM and the elementary efforts they can use to protect their acquisition processes against supply chain subversion.