Because the Intelligence Community utilizes commercial products including those that may be manufactured abroad, it could be vulnerable to threat or compromise through its supply chain. Intelligence Community Directive 731 issued by Director of National Intelligence James Clapper on December 7 establishes IC policy on “Supply Chain Risk Management.”
“Many IC mission-critical products, materials, and services come from supply chains that interface with or operate in a global marketplace. A greater understanding of the risks inherent in the IC’s participation in the global market place is crucial to safeguarding our nation’s intelligence sources, methods, and activities,” the Directive said.
“Supply chain risk management is the management of risk to the integrity, trustworthiness, and authenticity of products and services within the supply chain.”
“It addresses the activities of foreign intelligence entities … and any other adversarial attempts aimed at compromising the IC supply chain, which may include the introduction of counterfeit or malicious items into the IC supply chain,” the Directive said.
Phi Beta Iota: Paul Strassman and others knew this was an issue in 1992. The issue was flagged. A combination of lazy and corrupt political and corporate leaders decided it was “too hard” and would cut into profits rooted in the export of US jobs to China (5% of every earmarked program comes back to Congressional Political Action Committees), so nothing was done. The solution is straight-forward: an industrial policy that mandates “Made in the USA” with attendant quality control, and a commitment to code level security and full documentation of all software — ideally open. This is not rocket science. It merely requires integrity. What would be even more spectacular: a decision to migrate the entire national information enterprise and network to Open Source Everything (OSE), starting with the Open Source Agency (OSA) and spreading out from there.