The Commerce Department’s National Telecommunications and Information Administration will administer a workshop in November that will focus on the idea of establishing transparency for software parts, Federal News Network reported Tuesday.
The NTIA Software Component Transparency meeting on Nov. 6 in New York will be the continuation of the first workshop of its kind, which kicked off on July 19.
The effort comes as the government grows suspicious of software and hardware programs developed overseas that foreign countries may use to spy on the U.S.
“It’s very difficult when you start going to the lower tiers in the supply chain and you have embedded components and embedded software because there isn’t a bill of materials for the products you buy,” said Donald Davidson, deputy director of cybersecurity risk management at the Office of the Defense Department Chief Information Officer.
He explained during an Armed Forces Communications and Electronics Association-hosted event that there is a need for the government to consider requiring a bill of materials for procured software systems and analyze how that effort would affect operations and costs.
NTIA has yet to define a date for a potential third software transparency workshop.
The U.S. Army supports the idea of developing a standard for informing the DoD about threats to the supply chain.
Maj. Johanna Wynne, intelligence planner at Army Futures Command, noted that the U.S. lacks a common set of practices to communicate the data that it needs.
“The risk assessments that we do receive are often late; they do not provide adequate visualization of trends or patterns and situational awareness. Nor do they support appropriate DoD responses,” Wynne added.