Cyber Solarium Commission outlines recommendations for strengthening the supply chain

Mark Pomerleau

WASHINGTON — On the heels of its capstone March report, the Cyberspace Solarium Commission has released a detailed follow-up with recommendations for how to secure the information and communications technologies supply chain.

The commission is a bipartisan organization created by Congress in 2019 to develop a multipronged U.S. cyber strategy. It delivered a report in March, advocating for multiple cyber deterrence efforts.

The whitepaper, released Monday, is one of several add-ons to the original report that go into greater depth on a particular topic or recommendation from the March report.

This specific whitepaper solely focuses on the recommendation that Congress should direct the U.S. government to develop and implement a strategy for the information and communications technology industrial base to ensure more trusted supply chains and the availability of critical information and communications technologies.

The whitepaper frames in stark terms that the United States lacks a strategy vis-a-vis China.

“Over the past two decades, China has mobilized state-owned and state-influenced companies to grab a dominant position in markets for several emerging technologies, including the market for telecommunications equipment,” the report noted. “This is no accident but rather the result of a concerted, strategic effort by the Chinese government to capture these markets through a mix of government-led industrial policy; unfair and deceptive trade practices, including state-led intellectual property theft; the manipulation of international standards and trade bodies; a growing network of influence built on the back of diplomatic and trade negotiations; and significant investments in research and development in ICT.”

As a result, the whitepaper is the commission's effort to help lay out a strategy for the government to better compete in this space, become less reliant upon manufacturing and resources in Asia, and thus spur greater security.

“We're doing a lot but we lack a north star or a strategic approach that weaves or stiches it all together,” Robert Morgus, senior director for the commission, told C4ISRNET ahead of the whitepaper's release. “Without that north star, U.S. federal government efforts are uncoordinated.”

The paper lists a five-pronged strategy to build trusted supply chains:

• Identify key technologies and equipment through government reviews and public-private partnerships to identify risk.
• Ensure minimum viable manufacturing capacity through strategic investment.
• Protect supply chains from compromise through better intelligence, information sharing and product testing.
• Stimulate a domestic market through targeted infrastructure investment, and ensure the ability of companies to offer products in the United States similar to those in foreign markets.
• Ensure global competitiveness of trusted supply chains, including American and partner companies, in the face of Chinese anti-competitive behavior in global markets.

Moreover, the paper lists a series of recommendations to achieve the strategy, which include a variety of ways to streamline information sharing and efforts that could be taken within the federal government.

The report couches supply chain security in both economic and national security terms, which Morgus noted cannot be decoupled.

“The simple fact that we aren't competing with China on that front creates that security issue. ... The economic issue here is leading to a national security and a cybersecurity issue, and the two issues really can't be disentangled,” he said. “The fact that we don't have trusted suppliers or a robust network of trusted suppliers that can compete has created a security issue where we are reliant on Chinese manufacturing or companies with manufacturing presence in China, which is a potential security issue from the trustworthiness and the availability of those goods and services.”

Among one of the key pillars of the strategy to build a stronger supply chain, the report suggests greater intelligence sharing between allies and partners to disseminate intelligence on risks, which is also beneficial to the private sector.

The paper recommends Congress direct the president to create or designate a national supply chain intelligence center that would integrate supply chain intelligence efforts from across the government with other members of the public and private sectors. It would also serve as the shared knowledge center for threats to the supply chain.

https://www.c4isrnet.com/cyber/2020/10/19/cyber-solarium-commission-outlines-recommendations-for-strengthening-the-supply-chain/