Retour aux nouvelles

21 octobre 2020 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité, Autre défense

Cyber Solarium Commission outlines recommendations for strengthening the supply chain

WASHINGTON — On the heels of its capstone March report, the Cyberspace Solarium Commission has released a detailed follow-up with recommendations for how to secure the information and communications technologies supply chain.

The commission is a bipartisan organization created by Congress in 2019 to develop a multipronged U.S. cyber strategy. It delivered a report in March, advocating for multiple cyber deterrence efforts.

The whitepaper, released Monday, is one of several add-ons to the original report that go into greater depth on a particular topic or recommendation from the March report.

This specific whitepaper solely focuses on the recommendation that Congress should direct the U.S. government to develop and implement a strategy for the information and communications technology industrial base to ensure more trusted supply chains and the availability of critical information and communications technologies.

The whitepaper frames in stark terms that the United States lacks a strategy vis-a-vis China.

“Over the past two decades, China has mobilized state-owned and state-influenced companies to grab a dominant position in markets for several emerging technologies, including the market for telecommunications equipment,” the report noted. “This is no accident but rather the result of a concerted, strategic effort by the Chinese government to capture these markets through a mix of government-led industrial policy; unfair and deceptive trade practices, including state-led intellectual property theft; the manipulation of international standards and trade bodies; a growing network of influence built on the back of diplomatic and trade negotiations; and significant investments in research and development in ICT.”

As a result, the whitepaper is the commission's effort to help lay out a strategy for the government to better compete in this space, become less reliant upon manufacturing and resources in Asia, and thus spur greater security.

“We're doing a lot but we lack a north star or a strategic approach that weaves or stiches it all together,” Robert Morgus, senior director for the commission, told C4ISRNET ahead of the whitepaper's release. “Without that north star, U.S. federal government efforts are uncoordinated.”

The paper lists a five-pronged strategy to build trusted supply chains:

  • Identify key technologies and equipment through government reviews and public-private partnerships to identify risk.
  • Ensure minimum viable manufacturing capacity through strategic investment.
  • Protect supply chains from compromise through better intelligence, information sharing and product testing.
  • Stimulate a domestic market through targeted infrastructure investment, and ensure the ability of companies to offer products in the United States similar to those in foreign markets.
  • Ensure global competitiveness of trusted supply chains, including American and partner companies, in the face of Chinese anti-competitive behavior in global markets.

Moreover, the paper lists a series of recommendations to achieve the strategy, which include a variety of ways to streamline information sharing and efforts that could be taken within the federal government.

The report couches supply chain security in both economic and national security terms, which Morgus noted cannot be decoupled.

“The simple fact that we aren't competing with China on that front creates that security issue. ... The economic issue here is leading to a national security and a cybersecurity issue, and the two issues really can't be disentangled,” he said. “The fact that we don't have trusted suppliers or a robust network of trusted suppliers that can compete has created a security issue where we are reliant on Chinese manufacturing or companies with manufacturing presence in China, which is a potential security issue from the trustworthiness and the availability of those goods and services.”

Among one of the key pillars of the strategy to build a stronger supply chain, the report suggests greater intelligence sharing between allies and partners to disseminate intelligence on risks, which is also beneficial to the private sector.

The paper recommends Congress direct the president to create or designate a national supply chain intelligence center that would integrate supply chain intelligence efforts from across the government with other members of the public and private sectors. It would also serve as the shared knowledge center for threats to the supply chain.

https://www.c4isrnet.com/cyber/2020/10/19/cyber-solarium-commission-outlines-recommendations-for-strengthening-the-supply-chain/

Sur le même sujet

  • Pentagon’s Second Multibillion Cloud Contract to Be Bid in Coming Months

    11 juin 2018 | International, C4ISR

    Pentagon’s Second Multibillion Cloud Contract to Be Bid in Coming Months

    Officials say the Defense Department's multibillion Defense Enterprise Office Solutions contract is expected to be bid out in the fourth quarter of this fiscal year. Much of the oxygen in the federal contracting community has gone to the Pentagon's Joint Enterprise Defense Infrastructure contract in recent months, but the Pentagon is very close to bidding out a second major cloud contract that may rival it in size. Defense officials said last month that the Defense Enterprise Office Solution acquisition, valued at approximately $8 billion, could be bid out later this month, with an expected award issued by the second quarter of 2019. The contract will have a five-year base period with five one-year options. DEOS is the Pentagon's attempt to “unify and modernize” some of its legacy systems, including enterprise email, collaboration services, voice and video services, messaging, content management and other productivity capabilities for more than 3.5 million users. Brian Herman, the Defense Information Systems Agency's unified capabilities portfolio manager, said the Pentagon isn't interested in developing new capabilities but rather wants to take advantage of existing commercial capabilities in use across industry today. “Our goal is to take the capabilities that are available now, change the way we work to take advantage of these commercial services, and receive all of the upgrades and improvements that industry brings to their commercial customers,” said Herman, speaking at the Armed Forces Communications and Electronics Association's Defensive Cyber Operations Symposium in Baltimore May 16. In the commercial world, many companies have opted for cloud-based delivery of collaborative and email services. Delivered at scale across the Defense Department's massive enterprise, Herman said the approach could significantly reduce costs and improve security and efficiency. DEOS could eventually replace the Defense Enterprise Email, Defense Collaboration Services, and Defense Enterprise Portal Service, and potentially other legacy systems currently maintained by the Pentagon's IT wing. “We've had feedback from the DOD management, financial, and technical leaders. They've looked at the services used by [DOD agencies] and said, ‘You need to change the way you use these services. It's no longer necessary for every application to be on your desktop. Perhaps you can have web-based access to some of these capabilities and both improve the security and reduce the cost of these capabilities,” Herman said. DEOS will offer services through the Pentagon's unclassified and classified networks, meaning potential bidders must have provisional authorization to operate at Impact Level 5 to bid on it. Currently, only a few cloud service providers, including Microsoft, IBM, Amazon Web Services and General Dynamics, have achieved this status. Meanwhile, the Pentagon has not yet released a final solicitation for JEDI, which some industry estimates have pegged at $10 billion. The contract has drawn scrutiny from industry and Congress because of the Defense Department's decision to award it to a single cloud service provider. Initially expected to be released in mid-May for industry consideration, it has been delayed indefinitely. https://www.nextgov.com/it-modernization/2018/06/pentagons-second-multibillion-cloud-contract-be-bid-coming-months/148733/

  • Joint Statement on Canada-Australia Partnership on Emerging Missile Defence Research

    23 novembre 2024 | International, Terrestre

    Joint Statement on Canada-Australia Partnership on Emerging Missile Defence Research

    Today, the Honourable Bill Blair, Minister of National Defence of Canada, and the Honourable Richard Marles, Deputy Prime Minister and Minister for Defence of Australia, released a joint statement on a new agreement to collaborate on research on emerging missile threat defence.

  • Lockheed exits Air Force tanker competition, lifting Boeing's KC-46 | Reuters

    23 octobre 2023 | International, Aérospatial, Sécurité

    Lockheed exits Air Force tanker competition, lifting Boeing's KC-46 | Reuters

    Lockheed Martin Corp has withdrawn from the U.S. Air Force's competition to build at least 75 refueling tankers, the company said, giving Boeing's KC-46 Pegasus a boost in the closely watched multibillion-dollar defense contract.

Toutes les nouvelles