The Department of Commerce’s National Telecommunications and Information Administration (NTIA) is establishing a program to share “supply chain security risk” information with communications services providers with an aim to avoid future “rip and replace” programs that require removing potentially dangerous equipment from networks.
Fulfilling part of a statute signed into law in March, the Communications Supply Chain Risk Information Partnership (C–SCRIP) targets mainly small and rural communications providers in order to increase their access to information about risks in their supply chains. The partnership will hold regularly scheduled informational briefings and provide “relevant and accessible” risk information to the program’s participants, according to the announcement published in the Federal Register on July 8.
Section 8 of the Secure and Trusted Communications Networks Act of 2019, which President Trump signed into law in March 2020, requires the program to make sure that companies have supply chain risk information before making future investments, in an attempt to mitigate the need for future “rip and replace” programs. Providers are required by the March law to rip out and replace equipment from “untrusted suppliers” that pose a “national security risk.” The March law established $1 billion in Federal grant funding to offset the cost of providers replacing their equipment.
NTIA is collaborating with the Office of the Director of National Intelligence, Department of Homeland Security, Federal Bureau of Investigation, and the Federal Communications Commission to create the information sharing program, which will be established over a four-phase process.
Comments on the program are due on or before July 13. The C–SCRIP program will be informed by public comments and operationalized during Phase 2, according to the announcement in the Federal Register.