NIST proposes supply chain disruption standards

By Erin Ayers on June 10, 2014

The National Institute for Standards and Technology (NIST) recently focused on potential disruptions to supply chains, both for the federal government and any business that has grown dependent on “a globalized ecosystem of vendors.”

NIST developed a draft outline for managing information and communications technology (ICT) risks, noting that the private and public sectors employ nonstandard practices to prevent disruption, making it hard to determine whether the practices are effective.

“This globalized ecosystem of vendors affords significant benefits to its customers, including low cost, interoperability, rapid innovation, a variety of product features, and choice among competing vendors,” noted the NIST in its outline. “However, the same globalization that creates these benefits enables increased opportunities for adversaries (individuals, organizations, or nation-states) to directly or indirectly affect the management or operations of companies, in a manner that may result in risks to the end user. For example, an adversary may have the power to coerce a manufacturer to hand over the manufacturing specifications of a sensitive U.S. system or to insert malicious capability into a product.”

Commercially available products, services and software introduce vulnerabilities and open the door to supply chain compromise via counterfeit products, unauthorized production, tampering, theft and malicious software attacks, as well as lower-quality manufacturing and development.

There are four overlapping objectives to ICT supply chain risk management, NIST noted: integrity, security, resilience and quality. The process of safeguarding supply chains, especially for federal agencies, could be long, NIST explained.

“It should be noted that it might take years for a vulnerability stemming from the ICT supply chain to be exploited or discovered. In addition, it may be difficult to determine whether an event was the direct result of a supply chain vulnerability,” the organization said in its outline. “This may result in a persistent negative impact on federal agencies’ missions that could range from reduction in service levels leading to customer dissatisfaction to theft of intellectual property, or degradation of mission-critical federal agency functions.”


Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].