IT Supply Chain Security Act Puts CIOs in the Hot Seat

Sara Peters, Editor in Chief | 1/9/2013 | 5 comments

Sara Peters
If the Intelligence Authorization Act for Fiscal Year 2013 is any indication, the US government's intelligence agencies are taking IT supply chain security very seriously.

The pending legislation -- sponsored by Senator Dianne Feinstein (D-Calif) and submitted to the president last week -- specifically calls out the CIOs of all intelligence agencies, commanding them to collect and report information about any software or other IT equipment in use in their respective operations.

Recent history has shown examples of PCs being infected with malware before they even reach store shelves. So the supply chain security measures contained in the act are laudable goals. And, the act will keep agencies on a tight schedule. Within 90 days of enactment, the director of national intelligence will have to submit a report to the Congressional intelligence committees that:

    (1) Identifies foreign suppliers of information technology (including equipment, software, and services) that are linked directly or indirectly to a foreign government, including:
      (a) by ties to the military forces of a foreign government;
      (b) by ties to the intelligence services of a foreign government;
      (c) by being the beneficiaries of significant low-interest or no-interest loans, loan forgiveness, or other support by a foreign government; and

    (2) Assesses the vulnerability to malicious activity, including cyber crime or espionage, of the telecommunications networks of the United States due to the presence of technology produced by suppliers identified under paragraph (1).

So, when intelligence agencies and telecom companies are buying new gear, it isn't enough anymore to simply check the name on the label. Even if a device is stamped "made in America," it doesn't necessarily mean that all the components inside it were made in America. CIOs in intelligence agencies will now need to know how to answer the question "just how much of this was made in America?"

IT vendors are going to have to be forthcoming about what kinds of companies are in their supply chains, and this could impact purchasing decisions. The vendors that remain tight-lipped, or don't come back with the right answers, may lose government business.

Related to this, the law would also mandate that the CIOs of each intelligence agency conduct inventories of all their software licenses -- for software in use and software not in use -- and report those inventories to the overriding CIO of the intelligence community.

Now, I don't read every law, of course, but I've read many, and I've never seen the term "CIO" in any of them. The fact that the text of the legislation actually uses this term shows that CIOs are getting some of the respect they deserve... and states in no uncertain terms just who's responsible for making this inventory happen.

The act will also demand that intelligence agencies develop a plan to achieve compliance with the Improper Payments Elimination and Recovery Act, which we covered last week.

Neither Senator Feinstein's office, nor the Senate Select Committee on Intelligence, responded to our requests for comment.

If this pending legislation is ratified by the president, it could be a boon to IT supply chain security efforts. However, a number of questions remain to be answered:

  • Is it even possible to improve IT supply chain security?
  • If it's possible, how difficult will it be?
  • And, if the intelligence agencies' CIOs find out that all IT gear is "linked directly or indirectly" to a foreign government, what do they do next?
  • How many IT products and services could be eliminated?

View Comments: Newest First | Oldest First | Threaded View
Susan Nunziata   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/11/2013 7:55:41 PM
Re: Good luck CIOs
@Sara: If you've reached a level at which someone thinks you're worth blaming, is that an indication of career success? If so, then I think most CIOs outside of government can say with confidence "I am a success!" 
Sara Peters   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/11/2013 7:01:50 PM
Re: Good luck CIOs
@Susan  I agree!  It's nice that CIOs have gotten some respect... but now that the top-level government officials know who the CIOs are, they can start blaming them for things.
Sara Peters   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/11/2013 7:00:43 PM
Re: This could cripple some partnerships
@Pablo  You're absolutely right: "this also could cripple some partnerships and international agreements." I hadn't even thought about that side of the issue.
Susan Nunziata   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/10/2013 11:47:51 PM
Good luck CIOs
Great post Sara. The legislation itself sounds like it would create limitations that seem like they would bring government IT operaitons to a grinding halt. However, I'm surprised and encouraged that the profile of the CIO has reached such a level that these execs are specifically mentioned in this Act. Then again, I'm not sure I"d want to be the government agency CIO charged with assuring that their technology meets these seemingly unsustainable standards.
Pablo Valerio   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/10/2013 9:19:30 AM
This could cripple some partnerships
Sara, while I understand the need to be vigilant about the possibility of foreign governments using the technology of their companies to spy on the US, this also could cripple some partnerships and international agreements.

The case against Huawei and ZTE is still open and, despite assurances from both companies, raises questions about the possibility of using their networking equipment to collect confidential data.

But the data is already out there. Today it is impossible for any government or large organization to isolate their data within a "controlled" network, and international netwroks use a combination of technologies from many different providers from all over the world.

The US government can not demand that their partners use ONLY their "authorized" technologies, and many European and Asian networks are built using foreign systems. We have to live with that.
User Ranking: Blogger

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Sara Peters
Sara Peters   5/30/2014   18 comments
Before I throw my knapsack over my shoulder, head out the door, slouch my way down lonely roads, and try to get a kind stranger to give me a lift to DarkReading, I want to bid a fond adieu ...
Sara Peters   5/7/2014   55 comments
There's a new player in the wearable technology market. While it has a new attitude and a new business plan, it also seems to have new problems that may cause it to miss the mark and the ...
Sara Peters   5/1/2014   32 comments
It's time for an intervention. This addiction to Windows XP has gone too far.
Sara Peters   4/10/2014   21 comments
The race is on to restore trust in the very security tools that are used to ensure online trust. Websites, applications, and services are hastening to patch Heartbleed, a flaw in the ...
Sara Peters   4/4/2014   17 comments
Tablets are becoming more affordable all the time, but they're not so inexpensive that you wouldn't worry if kindergartners treated them with the same care they treat construction paper ...
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
A Video Case Study – Translational Genomics Research Institute
e2 OEM Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Curtis Franklin Jr.
OEMs Change Roles

1|18|13   |   1:55   |   3 comments

OEMs can change markets – here's why IT should have a say in the decision.
Tom Nolle
The Enterprise Side of Amazon Fire

9|29|11   |   2:04   |   6 comments

Amazon Fire’s split-browser model hosts some of the GUI in the cloud, which could have a major impact on virtual desktop thinking.
Curtis Franklin Jr.
The OEM Relationship

9|13|11   |   02:02   |   1 comment

The growth of OEM relationships means that enterprise IT execs must pay closer attention to who's responsible for support and development.
Pablo Valerio
Can't Land on the Runway Behind You

8|15|11   |   1:36   |   1 comment

One lesson from aviation also applies to big IT projects: Give yourself plenty of leeway and have room to maneuver.
Ivan Schneider
Flecksequence Explained

7|28|11   |   2:46   |   3 comments

How to use the term in a sentence and, more importantly, how flecksequence can help manufacturers.
Sara Peters
E2 Has a New Look!

7|20|11   |   2:53   |   6 comments

E2's gotten a makeover. Take a tour through some of our new features.