Open industry standards for mitigating risks to global supply chains

Governments and large enterprises are cognizant of and appreciate the benefits of globalization. They also recognize their increasing reliance on commercial-off-the-shelf (COTS) information technology (IT) components (software and hardware) necessary to meet the needs of their business missions. As cyberattacks increase in sophistication, stealth, and severity, governments and larger enterprises are taking a more comprehensive approach to risk management and product assurance. Simply improving today's security practices is insufficient. A comprehensive approach involves understanding the practices commercial technology suppliers can employ to protect the integrity of their products and services in the global supply chain-including an understanding of how suppliers manage the risks inherent in globalized product development and manufacturing. This paper outlines the nature of the global technology supply chain, the challenges posed, and the impact on consumers. It describes the added importance of a framework for addressing these challenges based on an approach of IBM, as well as evolving industry open standards efforts to address technology supply chain risks.