The U.S. China Commission’s final report on federal IT supply chain risks identified threats from global suppliers and suggested federal agencies are already at risk. “The Chinese government considers the ICT sector a ‘strategic sector’ in which it has invested significant state capital and influence on behalf of state-owned ICT enterprises,” the report states. “New policies requiring companies to surrender source code, store data on servers based in China, invest in Chinese companies, and allow the Chinese government to conduct security audits on their products open federal ICT providers — and the federal ICT networks they supply — to Chinese cyberespionage efforts and intellectual property theft. China also continues to target U.S. government contractors and other private sector entities as part of its efforts to gain economic advantage and pursue other state goals.”
Prepared by Interos Solutions, the report includes six recommendations for combating supply chain threats, including linking federal regulations to appropriations and adopting an adaptive risk management process.