The Biden administration is seeking public input on how policies contained in an executive order issued in February may affect the information and communication technology supply chain.
On Monday, the Bureau of Industry and Security at the Department of Commerce released a notice of request for public comment, asking industry, experts and others to comment on the technological and cybersecurity landscape faced by companies that make up the ICT supply chain. According to the document, the sectors and products in scope of the report will include critical software (as defined by NIST), data center and cloud technology storage, satellite support, mobile devices, end user devices like routers and antennae, hardware used for terrestrial distribution and broadcast or wireless transport.
One the software side, the two departments are “specifically interested in comments related to validation standards of component and software integrity, standards and practices ensuring the availability and integrity of software delivery and maintenance, and security controls during the manufacturing phase of ICT hardware and components,” the notice states.
In some instances, the government is looking for “specific policy recommendations” on ways to foster a more resilient supply chain, such as boosting domestic manufacturing of technological components and supplies or reducing vulnerabilities in the technologies and systems depended upon for timely delivery of goods and products. In others, they ask for “any executive, legislative, regulatory, and policy changes and any other actions to strengthen” manufacturing and other capabilities to produce those goods.
The input will feed into a report the departments of Commerce and Homeland Security are developing on risks affecting critical sectors and subsectors of the information and communications technology industrial base. The report will also look at a broad range of cybersecurity and other risks within the ICT sector, as well as assessing cybersecurity practices and standards designed to prevent the disruption, strain, compromise or elimination of the supply chain from “risks posed by supply chains' reliance on digital products that may be vulnerable to failures or exploitation, and risks resulting from the elimination of, or failure to develop domestically.”
The Biden administration’s executive order called for a broad review and examination of weaknesses and dependencies in the American supply chain, in an effort to better identify and prevent physical or cyber-enabled attacks on critical infrastructure that can significantly disrupt or prevent the flow of goods and services. In addition to the ICT review, the administration also tasked the departments of Defense, Energy, Health and Human Services and Agriculture with developing similar reports for businesses within their sectors.
Those interested in responding have until Nov. 4, 2021, to submit their comments through www.regulations.gov.