11/29/2024 | News release | Archived content
With the rise in concern over state-sponsored hacking campaigns being launched through broadband equipment, lawmakers here in the United States have already started addressing the exploitative potential of compromised devices.
But how do these security threats make their way into devices used in homes and offices across the country?
When creating a product, components may be sourced globally. The product may be "assembled" in one country, but the pieces come from all over. Additionally, certain stages of production can occur in different locations throughout the world, stretching the supply chain and its security policies.
Vulnerable points emerge throughout the supply chain, but particularly in those third-party components (including code) generated from government entities in countries that include contractual language that requires them to access the product via a "back door." Because this language is largely adopted by manufacturers, bad actors can find their way in through these vulnerable "back doors" more quickly than most companies can respond, let alone prevent.
That's why it's critical that supply chain processes include security protocols all throughout the product lifecycle.
Leveraging the Build America, Buy America Act To Ensure Cybersecurity and Supply Chain Resilience
Under the Build America, Buy America (BABA) Act, all iron, steel, manufactured products, and construction materials used in government-funded programs must be produced domestically. For many American broadband service providers (BSPs), this includes fiber broadband equipment to meet requirements for the Broadband Equity, Access, and Deployment (BEAD) program, a $42.45 million effort to deliver high-speed internet to unserved and underserved locations across all 50 states, Washington, D.C., and all five U.S. territories. This fiber equipment includes optical fiber, fiber optic cable, key electronics, and enclosures.
As a member of the National Telecommunications and Information Administration's (NTIA) Communications Supply Chain Risk Information Partnership (C-SCRIP), Calix is dedicated to meeting requirements for cybersecurity and supply chain resilience for BEAD and other government funding programs. Calix bases our resilience and security policies on the National Institute of Standards and Technology (NIST) Supply Chain Resilience documents and its Cybersecurity Framework. These commitments ensure our products, both hardware and software, are resistant to vulnerabilities associated with open source and other third-party components.
Alleviate Your Cybersecurity Concerns With "Security By Design" and Our Coordinated Vulnerability Disclosure Program
In addition, we are dedicated to a best-in-class security posture throughout the entire product lifecycle. Every 91 days, we update our software to ensure that it's not only optimized with new features and benefits but also continually reinforced with the most up-to-date security measures we can take.
Our security-centric mindset means we have adopted the principles of "Security By Design," enabling us to scale our capabilities by developing embedded security subject matter expertise throughout all phases of our product development process. We also continually monitor, assess, and improve the security of our products, and we welcome community reports of security issues through our Coordinated Vulnerability Disclosure program.
We take cybersecurity seriously. One breach can cause tremendous loss to not only our BSP customers but also their subscribers. To help our communities thrive with high-speed internet, addressing cybersecurity head on is mandatory.
As we continue to grow our portfolio to offer ever-increasing value to the subscribers of our BSP customers, our security posture will evolve along with us. By remaining committed to meeting federal requirements for cybersecurity and continuously enhancing our security practices, we remain dedicated to helping you protect your community from threats.