The Telecommunication Industry Association
Consumer Confidence and Economic Growth Require Industry-Driven Supply Chain Security Standards and Programs
It’s a new year, and technology continues to advance, perhaps at an even more rapid rate. Everything from autonomous vehicles, robotics and machine learning, to fully automated smart buildings, artificial intelligence (AI), and augmented and virtual reality – all this and more is coming on a 5G infrastructure backbone.
But if we are to truly witness the biggest shift in tech in a generation and its would-be economic growth across a wide swath of industries, including construction, manufacturing, energy, retail, financial, and healthcare, to name a few, consumer confidence will need to be at an all-time high – confidence that can only come by ensuring the integrity of the information and communication technology (ICT) supply chain.
The Threat is Real
The fragmentation of the ICT supply chain has resulted in the globalization of resources and a growing number of companies involved in developing and deploying the components, devices, platforms, and services that comprise the telecommunications infrastructure and transmit, store, or analyze massive amounts of information. With more players around the globe, the ICT supply chain has become increasingly complex and vulnerable. And with more connected devices than ever, evildoers have more ways to develop sophisticated cyberattack techniques and back-door mechanisms.
Whether it’s malicious malware, denial-of-service (DoS) attacks, or counterfeit components that increase exposure to additional risk, the threat is real. Studies estimate that more than five billion records, including credit card numbers and other highly-sensitive information, were exposed through data breaches in 2019. And it’s not just sensitive personal consumer data that cybercriminals are after. In today’s political landscape, news of potential cyberattacks from foreign adversary nations is on the rise and considered one of the greatest threats to the U.S.
As a result, there is ongoing bipartisan government legislation to address ICT supply chain security. Following the 2018 Cybersecurity and Infrastructure Security Agency Act, the FCC has adopted regulations to ban recipients of U.S. government funds from using untrusted vendors, and the Department of Commerce has released rules that prohibit potentially risky private-sector transactions with foreign adversaries. The Department of Defense has put forward a framework that will set supply chain security standards for its contractors, and federal task forces like the Department of Homeland Security’s Supply Chain Risk Management Task Force are also bringing forward recommendations.
An Impact to Our Economy
While threats to national security and public health or safety are at the pinnacle of concerns among both Democrats and Republicans, the economic impact of ICT supply chain security is more far-reaching.
- Business continuity – Disruption within any element of the supply chain can cause downtime that can halt or limit business continuity and operations for any type of organization across all vertical markets, causing lost revenue, reduced profits, and an inability to meet consumer demand.
- Corporate reputation – Whether it’s a delay in getting new products to market, or something more serious like a hacking event that results in the theft of customer’s personal data, financial business information, or intellectual property, any supply chain risk that goes unmanaged can impact public perception and the willingness to purchase products from, or recommend, a company.
- Consumer confidence – Whether it originates from a single company falling victim to a security breach, or a wide-spread infrastructure failure, lack of consumer confidence has the biggest impact on technology adoption. According to an October 2019 J.D. Power Mobility Confidence Index Study, 71 percent of consumers already cite system failures or errors as the primary concern when it comes to self-driving vehicles. As the technology advances, any demonstrated risk to the underlying infrastructure – from 5G network communication and curbside traffic detection systems, to the vehicular sensors and autonomous control software – can destroy consumer confidence and prevent adoption altogether.
It Takes an Industry
We’ve all heard the proverb, “It takes a village” in reference to children growing in a safe and healthy environment. Considering the widespread economic impact of ICT supply chain security, it takes an industry to make sure organizations can grow in a safe and healthy environment.
While government action and policies are a necessary and important aspect of ICT supply chain security, relying solely on the government can mean inefficiency due to the inherent nature of slower decision-making processes and broad-reaching policy that can lead to unnecessary trade restrictions and regulations. Further, when the costs to comply with regulatory mandates fall on business, the result is decreased competition, higher prices, and reduced profit – all ensuing stifled innovation and investment.
The public and private sector must come together to tackle the security of the ICT supply chain, but ensuring integrity at all points along its lifecycle requires accountability that can only come from proactive and preemptive industry-driven standards and programs that are developed via consensus and continually monitored and improved to adjust to evolving markets and technologies. Representing thousands of key players across all aspects of the ICT supply chain, combined with government alliances and advocacy, more than 3,600 telecommunications industry standards, and a track record of supply chain programs, the Telecommunications Industry Association (TIA) is perfectly positioned to drive confidence that our vast telecommunications networks are secure. Designed to meet ICT supply chain quality requirements, the QuEST Forum TL 9000 Quality Management System, part of TIA’s Business Performance Community, has a more than 20-year track record of success and can be adapted to address security.
TIA is actively executing policy-related advocacy programs and is an active participant on the Department of Homeland Security’s ICT Supply Chain Risk Management Task Force. We have also formed a task force and committees to begin developing standards and comprehensive assessment programs that will define requirements and identify trusted manufacturers, buyers, suppliers, service providers, integrators, and contractors, while allowing these companies to monitor and continually improve the integrity of their products and services. CIOs, CISOs, supply chain and procurement leaders, designers of new products and services, and others can all participate in and have a say in the formulation of these much-needed standards.
Through these industry-driven standards and programs, manufacturers, buyers and suppliers will benefit from the validation of the devices and components that they produce, purchase, and supply, while reducing the cost to comply with unnecessary trade restrictions and regulations. Communication and managed service providers, system integrators, and contractors will be able to drive consumer confidence by ensuring that their infrastructure and services that transmit, store, and analyze information are comprised of components, products, and systems from trusted and verified suppliers. Business owners and executives across all markets will also have confidence that their internal and external networks and systems utilize components and services from trusted companies, enabling them to ensure business continuity, faster time-to-market, and a competitive advantage. And state, local, and federal governments can focus their attention on threats that have a direct impact on national security and public health and safety.
While industries like food, drug, aviation, and others have taken comprehensive measures to improve their security and safety, the need for global industry-driven ICT supply chain security standards and programs is long overdue. Low-latency networking, 5G, sensor technologies, and IoT are happening now and paving the way for next-generation technologies. Without ICT supply chain security standards and programs that give consumers the confidence that our vast, complex telecommunications network is secure, investment into and adoption of next-generation technologies will come to a screeching halt. Standards and programs driven by TIA will measure, assess, and benchmark the integrity of network components, devices, and services – and the companies that deliver them – thereby raising the bar on ICT supply chain security and enabling economic growth.
AT A GLANCE
WHO: The Telecommunication Industry Association
WHAT: A non-profit association representing network and communications companies
WHERE: Arlington, VA