A coalition of nine trade groups including the: Telecommunications Industry Association (TIA); Competitive Carriers Association (CCA); Consumer Technology Association (CTA); CTIA; Information Technology Industry Council (ITI); National Association of Broadcasters (NAB); NTCA; USTelecom and the Wireless Infrastructure Association (WIA) on April 12 sent a letter to US Homeland Security Department Secretary Alejandro Mayorkas and Commerce Department Secretary Gina Raimondo to offer industry support for addressing challenges facing the information communications technology (ICT) industry.
“In the wake of recently revealed, widespread compromises through software vectors like SolarWinds, government and industry face a renewed call to arms to address threats from foreign adversaries,” the letter says.
It adds, “Of critical importance now is maintaining the United States’ longstanding commitment to industry-led technical standards and best practices to address cybersecurity, supply chain and other global challenges. Such standards are a bedrock of federal trade, technology and security policy, so it is imperative that your respective Departments champion them.”
The coalition is urging the Biden Administration to refrain from attempting to create its own technical demands or trying to supplant private sector leadership in standards bodies. As the recently released Interim Final Rules that implement aspects of E.O. 13873 are refined, the coalition contends that "the Commerce Department has the opportunity to take a more effective approach to supply chain security by placing greater focus on industry-led best practices as they represent a proven and positive model for nations working to build a secure, resilient and innovative connected ecosystem."
Read the coalition's letter here.
Separately but regarding the same topic, on March 15, the TIA released details on a new global supply chain security standard, SCS 9001, billed as "the first-ever ICT supply chain security standard will verify and measure performance." The TIA has published a new white paper on SCS 9001, which it calls the first process-based supply chain security standard for the ICT industry.
According to TIA:
With sophisticated supply chain cyberattacks on the rise, SCS 9001 is on an accelerated schedule to address the urgent need for an ICT-specific standard for global supply chain security. Scheduled to release later this year, the new standard will be measurable and verifiable as a means for service providers, manufacturers, and vendors to demonstrate and ensure that their supply chains meet the critical requirements needed to mitigate the risk of cybersecurity breaches and attacks.
“Today, technology is outpacing security and supply chain infiltrations and attacks are undermining the security of our networks and negatively affecting trust in the ICT infrastructure that powers our global economy,” said TIA CEO David Stehlin. “TIA and its members are addressing this head-on by developing a new verifiable, process-based standard to confront what has become the single biggest threat to our industry in recent history.”
The new white paper from TIA details the framework of the new standard established by their supply chain security workgroup, which includes experts from service providers, manufacturers, and security consultants; the process they are using to develop the standard; and how you can get involved.
Additionally, TIA shares details of the standards landscape analysis created by its member workgroup, and how they are leveraging applicable components from other established standards and best practices in various industries to build SCS 9001 for the global ICT industry.
“Consumers, enterprises, and governments will gain confidence in ICT networks through this comprehensive supply chain standard,” added TIA's Stehlin. “TIA and its QuEST Forum community have built and managed critical industry standards for decades. Our members understand the importance of securing our supply chain and they are building a standard that will evolve alongside technology advancements and keep pace with the rate of innovation.”
TIA says the goal of SCS 9001 is to establish a verifiable global standard which provides assurances to governments, businesses, and consumers, that their networks and connected devices are secure and can be trusted.