Supply chain security is a priority in the fight to improve the overall security of U.S. critical infrastructure and systems. 

Clear federal guidelines are needed to improve the security of supply chains for federal agencies and critical infrastructure, as well as oversight by a federal supply chain risk management agency. These policies should prioritize transparency and a risk-based approach so that U.S. national security objectives can be met without putting American competitiveness at risk. Technology companies are working through industry-led groups to develop clear guidelines and best practices in the absence of coordinated federal action. The tech industry is focused on looking broadly at these risks and not focusing solely on the country-of-origin concerns about products made or assembled in China. And they are developing and deploying technologies and best practices that mitigate risk and enhance supply chain security, as well as enabling a global supply chain network that allows for exponential growth and innovation across sectors.

Good policy ensures the development of a coherent supply chain security policy, which is why federal policymakers should designate a lead supply chain security risk management agency and empower the National Cyber Director to coordinate these efforts. It approaches supply chain security using risk-based and evidence-driven analyses, encouraging transparency and predictability for private industry. It leverages the existing public-private ICT Supply Chain Risk Management Task Force for collaboration on supply chain security and works to advance and protect U.S. national security objectives without putting American competitiveness at risk.