Description:
Security in global supply chains is critical to ensuring trust in ICT and the future of the digital society. Today’s ICT products and services (and the Internet itself) are composed of a multitude of software, hardware, and service components, more often than not produced, assembled, or provisioned by third parties. Organizations (including operators of critical infrastructure) and firms rely heavily on a multitude of third-party vendors and service providers for their operations, each with some degree of connectivity and dependency, and each adding to difficult-to-manage third-party risk. At the same time, sophisticated, targeted cyberattacks carried out by criminals exploiting supply chain vulnerabilities aggravate the situation further.
While global ICT firms have invested heavily in mitigating third-party risk, governments, particularly those in the Global South, and SMBs often lack the capacity and resources to manage ICT supply chain risk effectively. To address supply chain-related security concerns, some governments have also enacted restrictive measures, ranging from technical security reviews based on domestic standards to data localization requirements and foreign investment restrictions. In some cases, this also reflects geopolitical struggles and ill-guided attempts to exercise sovereign powers over global ICT supply chains and the Internet, which may further the fragmentation of the Internet and decouple the technological and economic universes.
This workshop will examine how trust in global ICT supply chains – and the ICT products and services they are developing, deploying, and provisioning – can be strengthened through objective, risk-informed, and verifiable assurance and transparency measures that enhance security, safety, stability, and resilience of the Internet and underlying ICT.
Additional sources: