This talk is based on the urgent need for a comprehensive supply chain security policy for India. It opens by outlining the concept of supply chain security and its growing relevance in the modern era. Today, critical infrastructure across sectors such as energy, transportation, and healthcare is increasingly dependent on software and technologies sourced globally. However, these dependencies often carry persistent risks.
The threat landscape spans a) espionage: state-sponsored actors may exfiltrate sensitive data; b) sabotage: deliberate disruptions in the supply chain could compromise essential systems; and c) dependency: over-reliance on foreign hardware and software stifles indigenous innovation and self-reliance. Because control over these critical technologies rests largely with foreign suppliers, India remains vulnerable to geopolitical shocks and potential coercion, creating significant national security concerns.
Ensuring resilience, therefore, requires a rigorously evaluated, secure, and sovereign infrastructure ecosystem. The talk will further examine existing policy frameworks in India, highlighting both their strengths and limitations, and consider the path forward toward a robust supply chain security strategy.
We will compare:
CERT-In Expanded BOM Guidelines
KPMG India – SSCS Program Prioritization
NASSCOM – Software Supply Chain: Challenges & Best Practices
SEBI Cybersecurity and Cyber Resilience Framework.
(Note: This talk is based on ongoing research as part of the NAST Fellowship by The Takshashila Institution, funded by the FOSS United Foundation.)
Importance of Supply Chain Security
Key Open Source Frameworks like gittuf, S2C2F, Zarf
Software Supply Chain Security Policy Frameworks/Guidelines - India Case