Securing the Supply Chain for Information and Communications Technology is critical to the security of any organization.
Securing the Information and Communications Technology (ICT) Supply Chain is critical. ICT systems and components include information systems and networks. Supply Chain Risk Management (SCRM) is the set of methods to understand and mitigate the risks inherent in acquiring and operating systems and their components.
Interest in ICT SCRM is driven by the increasing concerns about the integrity of todays automated systems in government and industry.
The ICT Supply Chain is analogous to a flowing river system, starting in rivulets (component chips or code sections) that grow into larger rivers (hardware, software, and firmware structures), that spread into deltas (many users of the structures, systems and components). There are many contributors to this flow: public and private sector manufacturers, integrators, and suppliers. At each stage of the flow there are potential threats and vulnerabilities that can compromise, endanger, and threaten the security of the ICT Supply Chain. Reducing, mitigating, eliminating these threats and vulnerabilities, using a variety of methodologies, is a prime and critical focus of securing the ICT Supply Chain. National Security.
Physical protection of the end-to-end lifespan of the supply chain from production to end-user, including storage and end-of-usefulness is one facet. The supply chain must also be protected by governance, controls, processes, and procedures that insure integrity, reliability, reliance and availability.
In the following pages all of these topics will be addressed in more detail, including in some instances, additional information for those who wish to delve deeper.
The discussions in this topic are intended to provide an initial overview for any interested reader, not just a technical professional. It is designed as a quick read for a decision-maker or other interested reader anyone who needs an quick understanding of the topic at a high level or for a decision-maker who needs to get up-to-speed.
This topic provides an understanding of the Supply Chain Risk Management (SCRM) topic, including definitions, insights into the nature of the problem and solutions. It also introduces the related concept of Supply Chain Management (SCM), risk mitigation, governance, and a conclusion and summary.