Supply chain integrity (SCI) in the ICT industry is a topic that is receiving attention from both the public and private sectors (i.e. vendors, infrastructure owners, operators, etc.) as part of a wider review of supply chain control. Understanding supply chains is a critical factor in business success and thus to the economy of nation states, and integrity is the element of managing the supply chain that this report focusses on with a view to providing guidance to EU member states. One of the many aims of this paper is to identify what SCI means in the ICT context and to propose means of giving assurance of SCI. The ICT sector is all encompassing and it would be difficult in a single report to cover all parts of it, thus the main body of this report primarily considers the telecommunications sub-sector as a model for ICT in general.
The present report identifies the nature of threats related to ICT supply chain and examines the strategies that may be used to counter them. It recommends that participants in the supply chain follow a core set of good practices that can provide a common basis to assess and manage ICT supply chain risk – and to recognize that governments must work in collaboration with private industry to build international assessment frameworks.
Scott Cadzow, Cadzow Communications Consulting Georgios Giannopoulos, European Commission – Joint Research Centre Alain Merle, LETI France Tyson Storch, Microsoft Claire Vishik, Intel Slawomir Gorniak, European Network and Information Security Agency Demosthenes Ikonomou, European Network and Information Security Agency