The US Department of Homeland Security (DHS) hosted the first National Security Summit on July 31 in New York City. In attendance were US Vice President Mike Pence, senior members of the DHS and other federal agencies, as well as industry leaders from sectors including telecom, finance, and energy. One of the major announcements to come out of this summit was the formation of the National Risk Management Center, including a new supply chain risk management task force.

National Risk Management Center

• The National Risk Management Center shall coordinate national efforts to protect the nation’s critical infrastructure across the federal government and the private sector through three lines of effort:
  • Identify and prioritize strategic risks to national critical functions
  • Integrate government and industry activities on development of risk management strategies
  • Synchronizing operational risk management activities across industry and government
• The center will move beyond previous information sharing between private and public sectors to develop a common understanding of risk and joint action plans to ensure the United States’ critical services and functions remain uninterrupted by the ever changing threats to their security. While the National Cybersecurity and Communications Integration Center (NCCIC) will remain DHS’s central hub for cyber operations, the National Risk Management Center will work with the NCCIC to coordinate strategic risk management and tactical operations.

Information and Communications (ICT) Supply Chain Risk Management Task Force

• This task force to include experts from both industry and government will be housed in the center and will be led by the DHS National Protection and Programs Directorate (NPPD) and critical infrastructure partners in the IT and Communications Sector Coordinating Councils.
• Participants shall include the following:
  • Senior- mid-level representatives from the IT and communications sectors
  • Subject matter experts from the energy, financial services, critical manufacturing, and the defense industrial base
  • Subject matter experts in the areas of supply chain, information security and technology, and strategy and policy
• The task force will focus on the following:
  • Providing recommendations for actions to address key strategic challenges to identifying and managing risk associated with the global information and communications technology supply chain and related third-party risk
  • Creating policy initiatives and innovative public-private partnerships for near-term and long-term solutions to manage strategic risks
• Once established, the task force shall determine priorities and scope of work, develop a plan of action, and establish milestones

Additionally, in his closing remarks at the summit, Mr. Pence urged the US Senate to support the creation of the Cybersecurity and Infrastructure Security Agency by the end of 2018.