A new report from the Department of Homeland Security (DHS) and the Department of Commerce (DoC) calls for Federal government action to revitalize U.S.-based production of semiconductors and printed circuit boards (PCBs) as one of several actions to boost the nation’s information and communications technology (ICT) industry supply chain security.
The report also calls for a larger Federal government role in expanding the U.S.-based workforces in ICT sectors to accomplish the same aim.
Those recommendations are front and center in a joint report from DHS and DoC – entitled Assessment of the Critical Supply Chains Supporting the U.S. Information and Communications Technology Industry – that flows from President Biden’s February 2021 executive order for Federal agencies to review supply chain security across critical U.S. industries.
The EO gave DHS and DoC a one-year deadline to assess supply chains for critical sectors and subsectors of the U.S. (ICT) industrial base. The resulting report – which covers supply chains supporting communications hardware, computing and data storage hardware, end-user devices, and critical software including open-source software and firmware – was compiled with input from Federal agencies, ICT private sector companies, and academia.
Major Recommendations
While the report says the U.S. continues to lead in ICT development and innovation in many categories, that’s not the case in PCBs, display hardware, and electronics assemblies, where manufacturing is concentrated in China. Semiconductor production also continues to be a largely overseas activity.
To meet that challenge, the agencies suggested implementing a “comprehensive” Federal strategy to revitalize the U.S. ICT manufacturing base.
That would include supporting “domestic investment and production of key ICT products, potentially including printed circuit boards (PCBs) and semiconductors, through appropriate federal procurement incentives and funding of programs like Title III of the Defense Production Act and the Creating Helpful Incentives to Produce Semiconductors for America Act,” the agencies said.
They also suggested promoting better supply chain risk management practices “through procurement and monitoring efforts such as implementing an Assured Supplier Program for PCBs for Federal Government and establishing a Critical Supply Chain Resilience Program at the Department of Commerce.”
On the ICT software side, the agencies said that the current ecosystem creates “several security risks.”
“The ubiquitous use of open-source software can threaten the security of the software supply chain given its vulnerability to exploitation,” they said. “Furthermore, the complexity of the ICT supply chain has led many Original Equipment Manufacturers (OEMs) to outsource firmware development to third party suppliers, which introduces risks related to the lack of transparency into suppliers’ programming and cybersecurity standards.”
Other major recommendations include:
- Collaboration with international partners to “advance shared interests” in the ICT industry including bolstering supply chain security and diversity for critical products, strengthening trade enforcement, and increasing participation in international standards development;
- Using Federal programs and future legislation to support and expand programs aimed at “bringing nascent technologies to market as well as advancing manufacturing technologies”; and
- Building the ICT workforce by “by enhancing computer science curricula and
investing in multiple secondary and post-secondary pathways, including through registered apprenticeships, career and technical education programs, and community college programs. Grant investments should be aligned with employer-led sectoral partnerships that ensure training is linked to real-world job opportunities.”
Ongoing Work
A joint statement from DHS Secretary Alejandro Mayorkas and Commerce Secretary Gina Raimondo said the need to move on ICT supply chain security is pressing, especially given disruptions caused by the coronavirus pandemic and the further reliance on technology forced by the public health crisis.
Both agencies, the secretaries said, “have already begun to take steps aimed at mitigating risks identified” in the new report. Those include “investing in domestic manufacturing capacity and workforce development, developing supply chain security frameworks, collaborating with international partners to improve resiliency, investing in ICT research and development efforts as well as reducing cyber risks.”
“Promoting a more secure and resilient ICT supply chain is going to take a whole-of-government approach, working together to protect and strengthen the very supply chains that keep our economy running and our communities safe,” they said, along with efforts from the private sector.