What is the ICT Supply Chain Assessment?
The Information and Communications Technology (ICT) industry encompasses all technologies used for communication and information exchange, including computers, networks, software, telecommunications systems, and related services. Vulnerabilities within this industry’s supply chains can be exploited, affecting all users of a technology or service.
The oft-repeated saying has proven truer than ever in recent years: a supply chain is only as strong as its weakest link. In a 2024 statement, the White House emphasized this point: “Everything in our lives—the food we eat, the medicines in our hospitals, the energy that powers our homes, the computer chips in our devices—relies on supply chains, and the disruptions sparked by the COVID-19 pandemic and Russia’s war on Ukraine showed what happens when they are neglected for decades.”
These disruptions exposed the weak links in both domestic and global supply chains, impacting product availability and industry resilience. Examples of the impacts of these events include:
- Sixty percent of manufacturing companies crippled by inventory shortages
- Lumber prices quadrupling in a matter of months
- Gas prices surging to over $5 per gallon
- Chip shortages cutting global light vehicle production by 5 million
In response, the 2021 Executive Order (E.O. 14017) on America’s Supply Chains was issued to help build resilient, diverse, and secure supply chains supporting critical U.S. industries. The Order directed the Departments of Commerce and Homeland Security to conduct a one-year assessment on the supply chains for critical U.S. sectors and subsectors. The resulting report, Assessment of the Critical Supply Chains Supporting the U.S. Information and Communications Technology Industry, proposes recommendations to mitigate risk and strengthen supply chain resiliency across the ICT industrial base.
The assessment joins a broad group of regulations that have been enacted to guard against forced labor and adverse environmental and human rights impacts in the supply chain. Notable among these are the U.S. Uyghur Forced Labor Prevention Act (UFLPA) and the European Union Corporate Sustainability Due Diligence Directive (CSDDD).
>> Learn how to develop a response to global supply chain regulations <<
Why does the ICT supply chain assessment matter?
Products and systems within the ICT supply chain touch all parts of the U.S. economy, presenting a large attack surface for illicit actors. In addition, some components of complex ICT supply chains may come from only a single source or region due to limited options, uniqueness, or the need to control costs. This limitation can introduce further risk.
One need look no further than the ongoing Israel–Hamas war to see an example of ICT supply chain infiltration. Israel’s Mossad infiltrated a Hezbollah supply chain to manufacture pagers rigged with explosives. A technology provider was reportedly a front company controlled by the Israeli government. Beyond the loss of life and injuries, there was resulting widespread distrust of electronic devices in Lebanon.
When you couple these threats and risks with the fact that only 30 percent of companies report having visibility into their supply chain beyond the first tier, it’s clear why enterprises are being forced to reexamine the security and transparency of their supply chains.
>> Discover techniques to mitigate risk in direct and upstream supply chains <<
Executive Order 14017 reflects increased focus on our supply chains, and the resulting one-year report produced the following eight recommendations:
- Revitalize the U.S. ICT Manufacturing Base
- Build Resilience through Secure and Transparent Supply Chains
- Collaborate with International Partners to Improve Supply Chain Security and Resiliency
- Invest in Future ICT Technologies
- Strengthen the ICT Workforce Pipeline
- Ensure Sustainability Remains a Cornerstone of ICT Development
- Engage with Industry Stakeholders on Resiliency Efforts
- Continue to Study the ICT Industrial Base
So, what impact have these 2022 recommendations had on regulation? The December 2024 Quadrennial Supply Chain Review documents progress made since Executive Order 14017. Here are some of the regulatory actions it highlights:
- The Creating Helpful Incentives to Produce Semiconductors and Science Act of 2022 (CHIPS and Science Act) bolsters domestic semiconductor manufacturing and reduces reliance on foreign sources.
- An amendment to the National Defense Authorization Act is scheduled to go into effect in January 2027 to prohibit U.S. Department of Defense (DOD) acquisition of printed circuit boards (PCBs) and PCB assemblies (PCBAs) used for mission-critical defense functions from China, Russia, North Korea, and Iran.
- The DOD, General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) are finalizing a rule implementing Section 5949 of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, which prohibits agencies from procuring certain products and services that include semiconductors from entities of concern.
- The Department of Homeland Security (DHS) committed to continue to advance the work of the Committee on Foreign Investment in the United States (CFIUS). CFIUS is authorized to review certain transactions involving foreign investment in the U.S. The recent Foreign Investment Risk Review Modernization Act (FIRRMA) expands CFIUS jurisdiction, requiring investors to file mandatory declarations for transactions in certain critical technologies and infrastructure, or the personal data of U.S. nationals.
While the private sector must take the lead on building more transparency and security into their supply chains, the above recent actions demonstrate that the U.S. Government will be taking an active role in creating new policies and laws that will impact commercial enterprises.
How you can ensure a resilient ICT supply chain
In addition to evaluating a diversification strategy (for example, adopting a “China plus one” approach where production occurs in other markets in addition to China), enterprises must invest in supply chain risk management practices through screening and monitoring efforts. This is especially important in light of the risks that come with relying on hardware and software originating from potential adversaries such as China, the world’s most dominant manufacturer.
Sayari delivers automated supply chain mapping to provide instant insight into sub-tier suppliers and their risks, enabling compliance and confident business decisions. Instead of relying solely on an inside-out approach to supply chain mapping that is based on supplier requests for information (RFIs)/questionnaires and is prone to low response rates and delays, Sayari’s outside-in approach relies on public data to inform your view of direct and indirect suppliers.
Sayari Map is a supply chain mapping and risk screening solution aimed at enhancing visibility into complex global supply chains. Map allows you to efficiently identify and manage supply chain risk with capabilities like:
- Instant batch screening of n-tier supplier risk
- Automated, product-specific supply chain mapping
- Monitoring and adjudication workflows
Sayari Map simplifies supply chain risk identification at scale. Request a personalized demo of Sayari to see how you can effectively map, manage, and monitor end-to-end supply chain risk.
