The globalization of supply chains - characterized by a complex network of contracts and subcontracts for component parts, services, and manufacturing - presents a very real threat to U.S. national security. Bad actors are using vulnerabilities in the supply chain to compromise sensitive research and development (R&D) programs, steal personally identifiable information and intellectual property, and insert malware into critical information technology components. Supply chain exploitation is threatening the integrity of key U.S. economic, critical infrastructure, and R&D sectors.
The National Counterintelligence and Security Center (NCSC) is a U.S. federal entity tasked with leading and supporting the U.S. government’s counterintelligence (CI) and security activities. Its employees provide CI outreach to U.S. private sector entities at risk of foreign intelligence penetration, and they issue public warnings regarding intelligence threats to the U.S. The NCSC's supply chain directorate recently published a "Best Practices Guide" designed to assist private sector entities in improving their ability to protect the global supply chain.
The "Best Practices Guide 2021" recommends that private sector entities: 1) obtain executive level commitment to a supply chain risk management program, 2) identify critical networks, systems, and information, and 3) actively manage third party risks. The "Best Practices Guide" provides helpful tips on how to do these things.
Securing the global supply chain is something we all must work to do. Check out the "Best Practices Guide" to take the temperature of your organization and see if there are areas where improvements can be made.