The Biden Administration’s Executive Order mandating a 100-day review of critical supply chains and its pending EO on cloud/cyber security are arriving not a second too soon. Never before have our physical and digital supply chains been as much of a national security issue as they are today. The team at Interos, which has been signaling the urgent need for greater transparency in our key extended supply chains — both to bolster national security and to foster economy prosperity — fully supports the administration’s forward-leaning call to action.
The question now becomes: how does the government and private sector, both singularly and jointly, better position themselves for operational resilience: the ability to avoid disruption in vital supply chains and to bounce back from massive shocks – such as the COVID-19 pandemic and the Solar Winds hack — when they occur? This is not only a matter of compliance, in this age of hyper connectivity: it is just good business.
Since the 1980s, global supply chains (first physical, and then digital beginning in the 2000s) powered globalization — integrating economies and crafting complex co-dependencies across corporations and governments. While the pace of globalization slowed following the 2008 financial crisis, that shock was insignificant compared to the events of the past year.
The ongoing COVID pandemic, global-scale cyber supply-chain attacks, and tectonic geopolitical shifts continue to upend the world order, transforming globalization and the fragile supply chains undergirding it. Today, critical and on-going semiconductor shortages, as highlighted in the Executive Order, threaten the auto industry with loss-inducing bottlenecks and imperil the future of emerging technology development. While concern over PPE shortages has abated somewhat since the height of the pandemic, the new administration has correctly flagged a review of critical vaccine supply chains, and it’s abundantly clear that ongoing vigilance here is imperative.
Supply Chain Visibility is More Important Than Ever
This flurry of activity, and the multifaceted nature of the concerns driving it, highlight the importance both of securing our supply chains and of taking action in a coordinated, strategic manner. To effectively address this crisis, we must adopt a modern comprehensive supply chain strategy, establishing a whole-of-government approach that encourages coordination and information sharing with industry.
More investment in supply chain awareness, launched from both the halls of key government agencies and from the C-suite, is required. This redoubled investment wave should stem not simply from any sense of “compliance” with White House mandates but rather from good-old common sense: a desire to protect the integrity of critical infrastructure and, when it comes to the corporate world, the Board’s fiduciary interest in securing the company’s top and bottom line…and the company’s reputation. Where the federal government once sorely lagged in investment in cutting edge cybersecurity technology, it cannot fail to do so today when it comes to investing in state-of-the-art supply chain risk management technology.
Indeed, these events of the past year underline the pressing need to adopt holistic tools leveraging emerging technologies that give a complete and up-to-the-minute picture of our supply chains, and the risk that often lies hidden within them. Without an accurate and real-time understanding of who we are truly reliant on, we cannot even begin to secure those relationships and pursue the much-needed, secure-supply alternatives. Technology exists, such as in the AI and Machine Learning powered platform built here at Interos, to instantly visualize extended supply chains down to the Nth tier, to continuously monitor a host of ever-changing risks, and to weigh alternative supply sourcing options (repositioning, reshoring) to solve for unwanted concentration risk. Yet, technology that yields broad and deep situational awareness of the supply chain is only part of the solution; an effective strategy lies at the core.
Supply Chain Security as a Top Strategic Priority
Admirably, within its first few months in office, the Biden administration has already moved to define the terms of the post-pandemic world order and its emerging norms, standards, and policies. It’s called for “resilient, diverse and secure” supply chains. A comprehensive and modernized U.S. supply chain strategy—one that is forged as a public-private partnership with serious input from the halls of corporate America and academia–will be foundational to this transformation, as supply chains uniquely cut across an array of challenges, including national security, public safety, economic growth, climate change and such increasingly prominent “ESG” issues as unethical labor practices.
To its credit, the outgoing Trump administration had issued a series of executive orders and policy responses to address the supply chain risks. These included executive orders addressing the information and communications technology, energy, critical minerals, and medical supply chains, as well as an unprecedented use of prohibitions and restrictions aimed at removing national security threats from U.S. federal and commercial supply chains. These actions were levied incrementally by the Treasury and Commerce departments, and provisions within the annual defense budget like NDAA Section 889 Part B that forbade agencies from doing business with companies using telecom equipment from 5 Chinese companies The Trump administration also oversaw the implementation of a different NDAA provision – section 1237 – which authorized the president to unilaterally ban 30 Chinese companies.
It’s worth noting that this isn’t just rare cross-administration continuity, it is cross-agency as well. The Biden administration is currently implementing a Trump-era rule enabling the Commerce Department to ban any technology-related business transactions it determines to pose a risk to national security. Additionally, in December 2020, the Department of Commerce added over 100 Chinese companies to their restricted entities list, which had seen the addition of over 350 Chinese companies over the preceding two years
Biden’s White House, however, has gone further and made it clear that supply chain security, in the wake of COVID, is a top strategic national priority and one that must yield tangible results through effective implementation. This renewed focus on supply chains also echoes the Obama administration, which should come as no surprise given that many Obama-era mainstays have returned to aid the Biden administration on the issue. To be sure, an integrated supply chain strategy is not just essential for pandemic responses.
The SolarWinds espionage-focused cyber breach – followed by the massive Microsoft Exchange and Accellion extortion-focused supply chain hacks — are just the latest reminders of the digital interdependencies across the government and private sector as well as the fundamental role of supply chain integrity to U.S. national and economic security. While there has been a significant increase in awareness and activity toward creating more trustworthy supply chains, a coordinated, whole-of-government strategy is necessary.
This again is why a coordinated and comprehensive supply chain strategy – one that includes allies across the globe — is so essential. The push for ‘Made in the USA’ is strong; identifying new ways to manufacture locally, to ensure trust in the software supply chain, and to boost economic recovery must be part of this strategy. But it cannot supersede collaboration with allies and like-minded nations in this transformed approach to worldwide extended supply chains.
What comes next?
What now can we do right here at home? How can we best respond to the EO?
In order for government agencies and companies to meet the challenge put forward by the Biden executive order on supply chain integrity, it’s imperative that they are able to do the following things:
- While not explicitly called out, agencies and companies will need to map out their entire extended supply chains to 4th, 5th, 6th tiers and beyond.
- Companies will need to be assessed against a wide range of risks, including defense, intelligence, cyber, homeland security, health, climate, environmental, natural, market, economic, geopolitical, human-rights or forced-labor.
- Risk assessment to include reliance on digital products that may be vulnerable to failures or exploitation, including via compromised software and hardware products.
- Risk assessment to include supply chains with geographic concentration risk/single points of failure, single or dual suppliers, or limited resilience, especially for subcontractors.
- Identification of warehouse, manufacturing, distribution and production sites whose location is at risk due to the factors outlined above.
- Identification or exclusive or dominant supply of critical goods and materials and other essential goods and materials by or through nations that are, or are likely to become, unfriendly or unstable.
- Identification of the availability of substitutes or alternative sources for critical goods and materials and other essential goods and materials.
- Identification of areas where civilian supply chains are dependent upon competitor nations.
Meeting these challenges will require an integrated approach to the supply chain and cybersecurity, leveraging emerging technologies that enable instantaneous supply chain discovery and continuous monitoring. Moreover, the challenges raised by the executive order will not be the last.
In this fast-moving era of supply chain uncertainty, the facts are simply:
- Whether it’s the geographic concentration risk posed by the pandemic, or supply chain cyberattacks, or Chinese flagged companies, both government and industry need to focus on building resilience to prepare for the next system shock.
- Given the ever-increasing globalization of our physical and digital supply chains, the United States must leverage advances in technology to both protect our resources and stay ahead of our adversaries.
Interos welcomes the opportunity to continue working with industry and federal agencies to address this critically important issue.
Jennifer Bisceglie, founder & CEO, Interos