Ensuring security in global supply chains is critical to ensuring trust in ICT and the future of the digital society. Today’s ICT products and services are comprised of a multitude of software, hardware and service components, more often than not, produced, assembled or provisioned by a large number of ICT manufacturers, vendors and service providers around the globe. Interdependency of ICT vendors’ supply chains and complexity of products and services make the mitigation of third-party risk a daunting task. The growing number of cyber incidents targeting supply chains further exacerbate the situation.
While global ICT firms have invested heavily in mitigating third-party risk, governments in the Global South and emerging markets, as well as small and medium-sized businesses, often lack the capacity and resources to manage ICT supply chain risk effectively. In addressing supply chain-related security concerns, some governments have enacted strict measures, ranging from technical security reviews based on domestic standards to data localization requirements and foreign investment restrictions. Current geopolitical dynamics have also led to ill-guided attempts to exercise sovereign powers over global ICT supply chains and the Internet, which may further fragment cyberspace and lead to a technological and economic decoupling.
The workshop will shed light on current developments and discuss approaches to strengthen risk mitigation and trust in ICT supply chains by:
- Assessing ICT supply chain risk and threat landscape
- Building confidence in ICT supply chains through assurance and transparency measures
- Closing the ICT supply chain security capacity and competence gap
Managing ICT supply chain security effectively requires close cooperation between government, corporate and civil society stakeholders to address their interests and concerns as buyers, users, service operators and manufacturers along these three dimensions at technical, operational and normative levels.
The workshop is organized by the EastWest Institute in cooperation with the Association des Utilisateurs des Systèmes d’Information au Maroc, the ICT Authority of Kenya and Kaspersky.
Dr. Philipp Amann
Head of Strategy, Europol EC3 European Cybercrime Centre
Dr. Amirudin Abdul Wahab
CEO, CyberSecurity Malaysia
Dr. Katherine Getao
CEO, ICT Authority Kenya
Public Affairs Manager, Kaspersky
President, Association des Utilisateurs des Systèmes d’Information au Maroc (AUSIM)
Dr. Andreas Kuehn
Senior Program Associate, EastWest Institute