Strategic Study of CAE >> 2016, Volume 18, Issue 6 doi: 10.15302/J-SSCAE-2016.06.021
Research on Foreign ICT Supply Chain Security Management with Suggestions
1. Institute of Computer Technology, Chinese Academy of Sciences, Beijing 100190, China;
2. Chinese Academy of Cyberspace Studies, Beijing 100010, China;
3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract
Given the reliance of the nation’s critical infrastructure and key resources (CIKR) on information and communication technology (ICT), identifying and controlling ICT supply chain risk has become an important factor in protecting national security. As the forerunner of ICT supply chain management, the US provides rich experience in enhancing the strategic position of the ICT supply chain, establishing standards for ICT supply chain management, ensuring the security of software and hardware in the ICT supply chain, and supervising ICT supply chain procurement. In addition, the EU and Russia have also specifically strengthened the security management of the ICT supply chain. Based on the above research, this paper provides some suggestions on the security management of the ICT supply chain in China.
Keywords
supply chain risk management; hardware supply chain; software supply chain; procurement security