IT Supply Chain Security Act Puts CIOs in the Hot Seat

Sara Peters, Editor in Chief | 1/9/2013 | 5 comments

Sara Peters
If the Intelligence Authorization Act for Fiscal Year 2013 is any indication, the US government's intelligence agencies are taking IT supply chain security very seriously.

The pending legislation -- sponsored by Senator Dianne Feinstein (D-Calif) and submitted to the president last week -- specifically calls out the CIOs of all intelligence agencies, commanding them to collect and report information about any software or other IT equipment in use in their respective operations.

Recent history has shown examples of PCs being infected with malware before they even reach store shelves. So the supply chain security measures contained in the act are laudable goals. And, the act will keep agencies on a tight schedule. Within 90 days of enactment, the director of national intelligence will have to submit a report to the Congressional intelligence committees that:

    (1) Identifies foreign suppliers of information technology (including equipment, software, and services) that are linked directly or indirectly to a foreign government, including:
      (a) by ties to the military forces of a foreign government;
      (b) by ties to the intelligence services of a foreign government;
      (c) by being the beneficiaries of significant low-interest or no-interest loans, loan forgiveness, or other support by a foreign government; and

    (2) Assesses the vulnerability to malicious activity, including cyber crime or espionage, of the telecommunications networks of the United States due to the presence of technology produced by suppliers identified under paragraph (1).

So, when intelligence agencies and telecom companies are buying new gear, it isn't enough anymore to simply check the name on the label. Even if a device is stamped "made in America," it doesn't necessarily mean that all the components inside it were made in America. CIOs in intelligence agencies will now need to know how to answer the question "just how much of this was made in America?"

IT vendors are going to have to be forthcoming about what kinds of companies are in their supply chains, and this could impact purchasing decisions. The vendors that remain tight-lipped, or don't come back with the right answers, may lose government business.

Related to this, the law would also mandate that the CIOs of each intelligence agency conduct inventories of all their software licenses -- for software in use and software not in use -- and report those inventories to the overriding CIO of the intelligence community.

Now, I don't read every law, of course, but I've read many, and I've never seen the term "CIO" in any of them. The fact that the text of the legislation actually uses this term shows that CIOs are getting some of the respect they deserve... and states in no uncertain terms just who's responsible for making this inventory happen.

The act will also demand that intelligence agencies develop a plan to achieve compliance with the Improper Payments Elimination and Recovery Act, which we covered last week.

Neither Senator Feinstein's office, nor the Senate Select Committee on Intelligence, responded to our requests for comment.

If this pending legislation is ratified by the president, it could be a boon to IT supply chain security efforts. However, a number of questions remain to be answered:

  • Is it even possible to improve IT supply chain security?
  • If it's possible, how difficult will it be?
  • And, if the intelligence agencies' CIOs find out that all IT gear is "linked directly or indirectly" to a foreign government, what do they do next?
  • How many IT products and services could be eliminated?

View Comments: Newest First | Oldest First | Threaded View
Susan Nunziata   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/11/2013 7:55:41 PM
Re: Good luck CIOs
@Sara: If you've reached a level at which someone thinks you're worth blaming, is that an indication of career success? If so, then I think most CIOs outside of government can say with confidence "I am a success!" 
Sara Peters   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/11/2013 7:01:50 PM
Re: Good luck CIOs
@Susan  I agree!  It's nice that CIOs have gotten some respect... but now that the top-level government officials know who the CIOs are, they can start blaming them for things.
Sara Peters   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/11/2013 7:00:43 PM
Re: This could cripple some partnerships
@Pablo  You're absolutely right: "this also could cripple some partnerships and international agreements." I hadn't even thought about that side of the issue.
Susan Nunziata   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/10/2013 11:47:51 PM
Good luck CIOs
Great post Sara. The legislation itself sounds like it would create limitations that seem like they would bring government IT operaitons to a grinding halt. However, I'm surprised and encouraged that the profile of the CIO has reached such a level that these execs are specifically mentioned in this Act. Then again, I'm not sure I"d want to be the government agency CIO charged with assuring that their technology meets these seemingly unsustainable standards.
Pablo Valerio   IT Supply Chain Security Act Puts CIOs in the Hot Seat   1/10/2013 9:19:30 AM
This could cripple some partnerships
Sara, while I understand the need to be vigilant about the possibility of foreign governments using the technology of their companies to spy on the US, this also could cripple some partnerships and international agreements.

The case against Huawei and ZTE is still open and, despite assurances from both companies, raises questions about the possibility of using their networking equipment to collect confidential data.

But the data is already out there. Today it is impossible for any government or large organization to isolate their data within a "controlled" network, and international netwroks use a combination of technologies from many different providers from all over the world.

The US government can not demand that their partners use ONLY their "authorized" technologies, and many European and Asian networks are built using foreign systems. We have to live with that.
User Ranking: Blogger


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Sara Peters
Sara Peters   4/10/2014   16 comments
The race is on to restore trust in the very security tools that are used to ensure online trust. Websites, applications, and services are hastening to patch Heartbleed, a flaw in the ...
Sara Peters   4/4/2014   13 comments
Tablets are becoming more affordable all the time, but they're not so inexpensive that you wouldn't worry if kindergartners treated them with the same care they treat construction paper ...
Sara Peters   4/3/2014   11 comments
As entertainment technology continues to make the game-time experience for couch-riding sports fans better and better, all sports teams are looking for new ways to encourage fans to buy ...
Sara Peters   3/27/2014   18 comments
Today at E2 sister site Information Week, Robert Atkinson wrote an excellent column titled "Tech Fear-Mongering Must Stop."
Sara Peters   3/26/2014   40 comments
It's official: The music industry -- the hapless, hopeless, wretched thing that it is -- has allowed digital media to ruin music.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
moderators@enterpriseefficiency.com
SPONSORED BY DELL
A Video Case Study – Translational Genomics Research Institute
e2 OEM Video


On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments


Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   12 comments


The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   5 comments


TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments


The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments


Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments


IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments


TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments


TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   8 comments


The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments


The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Curtis Franklin Jr.
OEMs Change Roles

1|18|13   |   1:55   |   3 comments


OEMs can change markets – here's why IT should have a say in the decision.
Tom Nolle
The Enterprise Side of Amazon Fire

9|29|11   |   2:04   |   6 comments


Amazon Fire’s split-browser model hosts some of the GUI in the cloud, which could have a major impact on virtual desktop thinking.
Curtis Franklin Jr.
The OEM Relationship

9|13|11   |   02:02   |   1 comment


The growth of OEM relationships means that enterprise IT execs must pay closer attention to who's responsible for support and development.
Pablo Valerio
Can't Land on the Runway Behind You

8|15|11   |   1:36   |   1 comment


One lesson from aviation also applies to big IT projects: Give yourself plenty of leeway and have room to maneuver.
Ivan Schneider
Flecksequence Explained

7|28|11   |   2:46   |   3 comments


How to use the term in a sentence and, more importantly, how flecksequence can help manufacturers.
Sara Peters
E2 Has a New Look!

7|20|11   |   2:53   |   6 comments


E2's gotten a makeover. Take a tour through some of our new features.