Federal Agencies at Risk From Dependence on Global IT Supply Chain

March 28, 2012

To carry out their operations, federal agencies often rely on IT components manufactured overseas. But a new report from the Government Accountability Office (GAO) warns that this growing dependence on a global IT supply chain introduces multiple risks to sensitive federal information systems.

For example, the report says federal agencies are vulnerable to:

Installation of malicious logic on hardware or software

Installation of counterfeit hardware or software

Failure or disruption in the production or distribution of a critical product or service

Reliance upon a malicious or unqualified service-provider for the performance of technical services

Installation of unintentional vulnerabilities on hardware or software

Although four US national security-related departments (the Departments of Energy, Homeland Security, Justice and Defense) have acknowledged these threats, responses so far have been spotty.

Two of the departments, Energy and Homeland Security, have not even taken critical first steps to mitigate risks, such as identifying supply chain protection measures for department information systems. Justice has made some initial progress, but it has not developed procedures for implementing or monitoring compliance with and effectiveness of any such measures, according to the report.

By contrast, the GAO says the Department of Defense has made greater progress through its incremental approach to supply chain risk management. The department has defined supply chain protection measures and procedures for implementing and monitoring these measures.

Still, officials at the four departments stated that their respective agencies have not determined or tracked the extent to which their telecommunications networks contain foreign-developed equipment, software, or services. Federal agencies are not required to track this information, and officials from four components of the US national security community believe that doing so would provide minimal security value relative to cost. (The four national security-related departments do participate in government-wide efforts to address supply chain security, including the development of technical and policy tools and collaboration with the intelligence community.)

GAO recommends the Departments of Energy, Homeland Security and Justice take steps, as needed, to develop and document policies, procedures and monitoring capabilities that address IT supply chain risk. According to the report, these departments generally concurred with GAO's recommendations.

"Until comprehensive policies, procedures, and monitoring capabilities are developed, documented, and implemented, it is more likely that these national security-related agencies will rely on security measures that are inadequate, ineffective, or inefficient to manage emergent information technology supply chain risks," the report concludes.

The full report, which includes detailed recommendations for executive action, is available here.
