Oct 19 -- The Bureau of Industry and Security (BIS) is announcing a virtual forum that will occur on October 29, 2021, and that will allow participants to provide recommendations to strengthen the resiliency of critical supply chains supporting the U.S. information and communications technology (ICT) industrial base that are at risk of disruption, strain, compromise, or elimination. The virtual forum will begin at 9:00 a.m. Eastern Daylight Time (EDT) and conclude at 12:00 p.m. EDT. Registration for the virtual forum: Requests to attend the virtual forum must be submitted by 5:00 p.m. EDT on October 27, 2021. Speaker requests must be submitted by 5:00 p.m.
FR notice announcing Oct 29 virtual forum:
https://www.federalregister.gov/documents/2021/10/19/2021-22763/notice-of-virtual-forum-for-risks-in-the-information-communication-technology-supply-chain
Sept 20 -- The Office of Technology Evaluation, Bureau of Industry and Security, U.S. Department of Commerce requests comments and information from the public by November 4, 2021 to assist the Secretary of Commerce and the Secretary of Homeland Security in preparing a report on supply chains for critical sectors and subsectors of the information and communications technology (ICT) industrial base.
On February 24, 2021, President Biden issued Executive Order 14017, “America's Supply Chains.” E.O. 14017 focuses on the need for resilient, diverse, and secure supply chains to ensure U.S. economic prosperity and national security. Such supply chains are needed to address conditions that can reduce critical manufacturing capacity and the availability and integrity of critical goods, products, and services.
E.O. 14017 directs that within one year of the date of the order, the Secretary of Commerce and the Secretary of Homeland Security, in consultation with the heads of appropriate agencies, shall submit a report to the President on supply chains for critical sectors and subsectors of the information and communications technology (ICT) industrial base (as determined by the Secretary of Commerce and the Secretary of Homeland Security).
For the purposes of this report, the scope of the ICT industrial base shall consist of hardware that enables terrestrial distribution, broadcast/wireless transport, satellite support, data storage to include data center and cloud technologies, and end user devices including home devices such as routers, antennae, and receivers, and mobile devices; “critical” software (as defined by the National Institute of Standards and Technology in relation to Executive Order 14028); and services that have direct dependencies on one or more of the enabling hardware.
In developing this report, the Secretary of Commerce and the Secretary of Homeland Security will consult with the heads of appropriate agencies and will be advised by all relevant bureaus and components of the Department of Commerce and the Department of Homeland Security. This notice requests comments and information from the public to assist the Secretary of Commerce and the Secretary of Homeland Security in preparing the report required by E.O. 14017.
The Department of Commerce and the Department of Homeland Security are particularly interested in comments and information directed to the policy objectives listed in E.O. 14017 as they affect the U.S. ICT supply chains, as defined in the previous section, including, but not limited to, the following elements:
(i) “Critical goods and materials,” as defined in section 6(b) of E.O. 14017, underlying the supply chain in question. Under section 6(b) of E.O. 14017, “critical goods and materials” means goods and raw materials currently defined under statute or regulation as “critical” materials, technologies, or infrastructure;
(ii) “other essential goods and materials,” as defined in section 6(d) of E.O. 14017, underlying the supply chain in question, including digital products. Under section 6(d) of E.O. 14017, “other essential goods and materials” means those that are essential to national and economic security, emergency preparedness, or to advance the policy set forth in section 1 of E.O. 14017, but not included within the definition of “critical goods and materials”; [1]
(iii) manufacturing, or other capabilities necessary to produce or supply the materials and services identified in paragraphs (i) and (ii) above, including emerging capabilities;
(iv) defense, intelligence, cyber, homeland security, health, climate, environmental, natural, market, economic, geopolitical, human-rights or forced-labor risks, or other contingencies that may disrupt, strain, compromise, or eliminate the supply chain—including risks posed by supply chains' reliance on digital products that may be vulnerable to failures or exploitation, and risks resulting from the elimination of, or failure to develop domestically the capabilities identified in paragraph (iii) above—and that are sufficiently likely to arise so as to require reasonable preparation for their occurrence;
(v) resilience and capacity of American manufacturing supply chains, including ICT design, manufacturing, and distribution, and the industrial base—whether civilian or defense—of the United States to support national and economic security, information security, emergency preparedness, and the policy identified in section 1 of E.O. 14017, in the event any of the contingencies identified in paragraph (iv) above occurs, including an assessment of:
(A) manufacturing or other needed capacities of the United States related to ICT design and manufacturing of products and services, including the ability to modernize to meet future needs;
(B) gaps in domestic design and manufacturing capabilities, including nonexistent, extinct, threatened, or single-point-of failure capabilities;
(C) information and cybersecurity practices and standards of the ICT sector with specific regard to the risks identified in paragraph (iv) above. The Department of Commerce and the Department of Homeland Security are specifically interested in comments related to validation standards of component and software integrity, standards and practices ensuring the availability and integrity of software delivery and maintenance, and security controls during the manufacturing phase of ICT hardware and components;
(D) supply chains with a single point of failure, single or dual suppliers, single region suppliers, highly connected markets or shared suppliers, or limited resilience, especially for subcontractors, as defined by section 44.101 of title 48, Code of Federal Regulations (Federal Acquisition Regulation);
(E) location of key design, manufacturing, software development, integration, and production assets, with any significant risks identified in paragraph (iv) above posed by the Start Printed Page 52129assets' physical location or the distribution of these facilities;
(F) exclusive or dominant supply of “critical goods and materials,” and “other essential goods and materials,” as identified in paragraphs (i) and (ii) above, by or through nations that are or are likely to become, unfriendly or unstable;
(G) availability of substitutes or alternative sources for “critical goods and materials,” and “other essential goods and materials,” as identified in paragraphs (i) and (ii) above.
(H) relevant workforce skills, best practices, and identified gaps in the availability and/or adequacy of domestic education and training resources necessary to fulfill future workforce needs;
(I) need for research and development capacity to sustain leadership in the development of services or “critical goods and materials,” and “other essential goods and materials,” as identified in paragraphs (i) and (ii) above;
(J) role of transportation and transmission systems in supporting existing supply chains and risks associated with those systems; and
(K) risks posed by climate change to the availability, production, transportation, or transmission of “critical goods and materials” and “other essential goods and materials,” as identified in paragraphs (i) and (ii) above;
(vi) allied and partner actions, including whether or not the United States' allies and partners have also identified and prioritized the services or “critical goods materials” and “other essential goods and materials” identified in paragraphs (i) and (ii) above, and possible avenues for international engagement;
(vii) primary causes of risks for any aspect of the ICT industrial base and supply chains assessed as vulnerable pursuant to paragraph (v) above;
(viii) prioritization of the “critical goods and materials” and “other essential goods and materials,” including digital products, identified in paragraphs (i) and (ii) above for the purpose of identifying options and policy recommendations. The prioritization shall be based on statutory or regulatory requirements; importance to national security, emergency preparedness, and the policy set forth in section 1 of E.O. 14017;
(ix) specific policy recommendations important for ensuring a resilient supply chain for the ICT industrial base. Such recommendations may include, but are not limited to, sustainably reshoring supply chains and developing or strengthening domestic design, components, and supplies; cooperating with allies and partners to identify alternative supply chains; building redundancy into domestic supply chains; ensuring and enlarging stockpiles; developing workforce capabilities; enhancing access to financing; expanding research and development to broaden supply chains; addressing risks due to vulnerabilities in digital products relied on by supply chains; addressing risks posed by climate change; strengthening supply chain security; and any other recommendations;
(x) any executive, legislative, regulatory, and policy changes and any other actions to strengthen the capabilities identified in paragraph (iii) above, and to prevent, avoid, or prepare for any of the contingencies identified in paragraph (iv) above; and
(xi) suggestions for improving the Government-wide effort to strengthen supply chains, including suggestions for coordinating actions with ongoing efforts that could be considered duplicative of the work of E.O. 14017 or with existing Government mechanisms that could be used to implement E.O. 14017 in a more effective manner.
FR notice requesting comments/information on ICT supply chains:
https://www.federalregister.gov/documents/2021/09/20/2021-20229/notice-of-request-for-public-comments-on-risks-in-the-information-communications-technology-supply