NIST logo

October Workshop to Consider Future of Information and Communication Technology Supply Chain Risk Management

From NIST Tech Beat: September 18, 2012

*

Contact: Evelyn Brown
301-975-5661

The National Institute of Standards and Technology (NIST) will host a workshop at its Gaithersburg, Md., headquarters October 15 and16, 2012, to discuss ways NIST can focus its work to help federal departments and agencies manage the risks associated with information and communication technology (ICT) supply chains.

The ICT supply chain is a globally distributed, interconnected set of organizations, people, processes, products and services that extends across the entire system development life cycle from research and development, to production, delivery, operations and disposal.

It is considered at “risk” because of both the increasing sophistication of information and communications technologies and the growing speed and scale of a complex, distributed global supply chain. Increased understanding of, and visibility and traceability throughout, the supply chain, will help government users better manage the risks of compromise enabled by counterfeit materials, malicious software or untrustworthy products.

The ICT supply chain security discipline is in an early stage of development with diverse perspectives on foundational ICT supply chain definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. The field still needs to identify the available and needed tools, technology and research related to the ICT supply chain risk and to better understand their benefits, limitations and gaps.

This NIST workshop will bring together a varied group of stakeholders and thought leaders from industry, academia and government to explore and discuss several of the key technical aspects of the ICT supply chain.

The two-day-long workshop will present panels of government and industry experts. Objectives are to:

  • Discuss the fundamental underpinnings of ICT supply chain risk management (terms, definitions, characterizations);
  • Identify and evaluate current and needed commercially reasonable practices and related standards (need, scope and development approach);
  • Identify current and needed tools, technology and techniques useful in securing the ICT supply chain; and
  • Identify current and needed research and resources.

To register for the October 15-16 conference, see www.fbcinc.com/nist_supplychain.