Editor's Note: This post was first published at Energy.gov.
Cybersecurity attacks disrupt, destroy, and compromise components across manufacturing supply chains and create risks that transcend agencies, departments, and organizations. Cyber risk is especially acute in critical infrastructure, where there is increasing reliance on information communication technology (ICT) components and systems. Historically, supply chain risk management (SCRM) efforts focused on security, resiliency, and logistics; however, the emergence of cybersecurity risk within the Nation's supply chain requires an augmented SCRM approach that focuses on product integrity.
The Enterprise Supply Chain Risk Management (eSCRM) Program provides the Department with a robust toolset of defense-in-breadth and defense-in-depth enterprise capabilities. The Program includes Agency-specific SCRM policies and procedures delivered through a Supply Chain Risk Management-Resource Center (SCRM-RC), which institutionalize SCRM practices, reduce costs, build trust into systems, and provide essential services. The SCRM-RC is a centralized Focal Point that directly supports supply chain risk-based decisions executed by undersecretarial organizations and PMs. Specifically, the SCRM-RC is a prevention, detection, and reporting mechanism that promotes product integrity through:
- SCRM SMEs;
- Training, Outreach, and Awareness;
- Supply Chain Risk Modeling;
- Incident Management Support;
- Program administration; and
- Metrics and Key Performance Indicators.
SCRM-RC outputs are unique to each capability offering and includes high-level SCRM advice, detailed supply chain risk assessments, as well as subject matter expertise, in support of criticality and prioritization analysis. The eSCRM Program services are accessible via the Enterprise SCRM mailbox at:
.
