In case anyone needed more evidence that secure supply chains are now an expected component of every federal contractor’s business, the Department of Homeland Security set up a new task force on the matter last week.   The task force, made up of representatives from IT and communications companies and industry associations, is part of a larger push by DHS to tackle cybersecurity vulnerabilities and other threats to commercial hardware and software products.  The message to contractors is clear:  fail to provide evidence that your supply chains are secure and risk losing government business.  Such requirements can conflict with government moves to attract small and new market entries.  There are costs to establishing and ensuring a secure supply chain.  Smaller businesses may not be as able to meet security requirements – or show proof that they can – potentially putting them at a disadvantage when competing with larger companies.  No one ever said that government acquisition rules are consistent.  Just because a contractor offers a secure supply chain, though, doesn’t ensure that government systems will remain secure.  The number one security vulnerability is still employee misuse of systems.  Whether it’s circumventing log-on requirements, using unapproved devices, or the old favorite of surfing for porn, it’s often what happens inside an agency that causes a security breach, not outside.   Nevertheless, contractors need to be prepared to show that they’re doing their part.  Make sure your supply chain meets the requirements.