Securing the Information and Communications Technology (ICT) Supply Chain is critical. ICT systems and components include information systems and networks. Supply Chain Risk Management (SCRM) is the set of methods to understand and mitigate the risks inherent in acquiring and operating systems and their components.
Interest in ICT SCRM is driven by the increasing concerns about the integrity of todays automated systems in government and industry.
The ICT Supply Chain is analogous to a flowing river system, starting in rivulets (component chips or code sections) that grow into larger rivers (hardware, software, and firmware structures), that spread into deltas (many users of the structures, systems and components). There are many contributors to this flow: public and private sector manufacturers, integrators, and suppliers. At each stage of the flow there are potential threats and vulnerabilities that can compromise, endanger, and threaten the security of the ICT Supply Chain. Reducing, mitigating, eliminating these threats and vulnerabilities, using a variety of methodologies, is a prime and critical focus of securing the ICT Supply Chain. National Security.
Physical protection of the end-to-end lifespan of the supply chain from production to end-user, including storage and end-of-usefulness is one facet. The supply chain must also be protected by governance, controls, processes, and procedures that insure integrity, reliability, reliance and availability.
In the following pages all of these topics will be addressed in more detail, including in some instances, additional information for those who wish to delve deeper.