Information and communications technology (ICT) supply chain security is an integral part in ensuring the functioning of Jamaica critical infrastructure and its services. The ICT supply chain is the network of interconnected roles responsible for the production, distribution and delivery for ICT technology. As the digital landscape expands, attacks targeting ICT supply chains are becoming increasingly prevalent. Exploiting vulnerabilities within the ICT supply chain can have widespread consequences, affecting all users of the compromised technology or service. These attacks can range from open-source vulnerabilities, single sign-on (SSO) weaknesses to security certificate breaches and denial of services (DDos) attacks. 

Transparency in the technology of each supplier and the ability to monitor ongoing changes is essential for mitigating risks in the ICT supply chain. However, majority of ICT technologies used in Jamaica are foreign assets, which presents challenges for transparency and effective monitoring. Despite these challenges, the Cyber Incident Response Team (CIRT) Division is dedicating considerable time and effort to limit these risks and enhance the resilience of Jamaica’s cyber infrastructure.

The CIRT is collaborating with both the public and private sectors to ensure the safety of ICT technologies. On a daily basis, the CIRT monitors the country’s technology suppliers for vulnerabilities by analyzing multiple datasets and communicates with affected organizations regarding these vulnerabilities. They maintain an organized system for tracking vulnerability status and keeping accurate records.