Twelve Ways to Build Trust in the ICT Global Supply Chain

Editor’s Note: This paper was released in conjunction with the Building Trust in the Global Supply Chain event at Brookings on April 18, 2013. It is a part of the Center for Technology Innovation‘s Issues in Technology Innovation paper series.

The globalization of commerce and trade has created many benefits. Supply costs have been reduced for many products. Computers and other items can be made of parts from a number of different locales. Countries can specialize in particular goods and companies can focus on the things they do best. Raw materials may come from one area, while manufacturing and production lie elsewhere, and sales and marketing take place in still another place. In this as well as other examples, contemporary commerce involves a complex interchange of hundreds or thousands of individuals, organizations, technologies, and processes across a variety of different continents.

But long supply chains and inadequate or nonexistent product evaluation before deployment, create a situation where widespread vulnerabilities exist in products and networks that can be exploited by others during design, production, delivery, and post-installation servicing. There are industry-wide risks associated with procurement, transportation, and management. Everything from raw materials and natural disasters to market forces, national laws, and political conflict can be problematic. Problems in one area can cascade elsewhere and magnify risks dramatically for the system as a whole.

In this paper, West discusses twelve ways to build trust in the Information and Communications Technology (ICT) global supply chain. With the assistance of a group of leading experts brought together at the Brookings Institution in February, 2013 plus follow-up interviews, he explores the operational threats and technological vulnerabilities that we face, and makes recommendations to identify best practices, standards, and third-party assessment for supply chain assurance.

West argues that vulnerabilities in the supply chain and product development, generally, facilitate a myriad of attack and exploitation techniques, such as unauthorized remote access after product deployment for many malicious activities, degradation of ICT networks, and damage to critical infrastructures. West suggests that developing agreed-upon standards, using independent evaluators, setting up systems for certification and accreditation, and having trusted delivery systems will build confidence in the global supply chain as well as the public and private sector networks that sustain them. These and other types of evaluations make information available to purchasers and therefore give them a firmer basis for product selection.