The US Department for Homeland Security (DHS) is looking for a tool to create unclassified supply chain risk assessments that can be shared widely.
In an RFI posted on the government’s Federal Business Opportunities site, DHS said it wanted help in its market research for a due diligence tool for ICT supply chain risk.
It said it wanted a tool that would work using “publicly and commercially available unclassified data”, as the information generated from this tool would be “shared between organisations… to broadly address supply chain risk”, including federal, state and local governments and owners of critical infrastructure.
The RFI said it wanted a tool that could identify and mitigate ICT products, including hardware and software, which could potentially contain malicious functions or are counterfeit, defective or “vulnerable due to deficient manufacturing practices within the supply chain”.
DHS also wanted a similar capability to identify and mitigate supply chain risks in ICT-based services, including cloud services and other managed services.
The move comes after DHS secretary Kirstjen Nielsen warned a cyber security “hurricane” had been forecast, and days after DHS hosted a three-day simulation with public and private sector suppliers simulating a cyber attack on an election.
The US has also taken steps to block a number of Chinese tech companies, notably Huawei and ZTE, from supplying government bodies over security concerns.
☛ Want to stay up to date with the news? Sign up to our daily bulletin.