Supply Beacon Vol. 2 – Chips, China, and Cyber

December 9, 2021

The Top 5 Supply Chain News Stories You Need to Know

The Supply Beacon is your monthly resilience digest, the 5-minute supply chain and security news drop you can’t afford to miss, delivered with insights from the experts at Interos. Know what you need to – fast.

What We’re Reading

House Homeland Committee Scrutinizes Cyber Security Directives on Transportation Sector  – Industrial Cyber Pandemic Preparedness
Story summary: A House Joint Subcommittee on Homeland Security met in late October to consider industry-wide cyber security directives for the transportation sector. Subcommittee Chairman Rep. Bennie Thompson (D-Miss.) called on the Transportation Security Administration to work in close collaboration with the Cybersecurity and Infrastructure Security Agency to craft requirements to achieve security industry-wide benefits. If successful, Thompson argued these potential requirements could position the transportation sectors as a model for mandating cybersecurity measures.
Interos Insight: Private entities own and operate more than 86% of the critical infrastructure in the United States. As the US government looks to build requirements for reporting and regulations for industry, transportation leaders are again reminded that cyber security is a national security concern. Transportation companies need visibility into their own companies, but also those in their extended supply chains to avoid potential devastating ripple effects.



Biden Signs Legislation to Tighten U.S. Restrictions on Huawei, ZTE 
Story summary: President Joe Biden signed The Secure Equipment Act earlier this month that prevents technology companies believed to be security threats like Huawei and ZTE from receiving new equipment licenses from US regulators. The new law is the latest federal effort to crack down on Chinese telecom and tech companies that may pose a cybersecurity threat.
Interos Insight: While the 2019 National Defense Authorization Act (NDAA) banned these companies from selling to Federal agencies, their products are still available for consumers, enterprises, and were – sometimes unknowingly – in the supply chain of other buyers. While the law’s current “Covered Equipment and Services” list only names five foreign companies, Interos’ mapping has identified more than 900 foreign companies that could be of concern with more likely still to be discovered. Interos’ methodology team goes through an ongoing rigorous, manual and automated process to make sure that all related entities are discovered and tracked. With such strong bipartisan support, it is clear that compliance will be required and enforced. Companies with any related parts in their supply chain are encouraged to ensure they have the analytical tools necessary for discovery.
Commerce Adds NSO Group to Entity List for Malicious Cyber Activities
Story summary: The US Commerce Department’s Bureau of Industry and Security (BIS) has added four foreign companies to its Entity List, essentially blacklisting them from trade with US companies. The decision comes as these companies – two from Israel, and one each from Russia and Singapore – were deemed to act in a way that went against the national security or foreign policy interests of the United States. NSO Group and Candiru, the two companies from Israel, reported supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.
Interos Insight: The move is a little surprising as the two Israeli firms operate in an Allied country. Following this announcement, Isaac Benbenisti, a telecommunications executive who joined NSO in August and was recently named to succeed NSO founder and CEO Shalev Hulio, abruptly resigned. These additions to prohibited and restricted entities lists (which are increasingly frequent and unpredictable) illustrate just how quickly the notion of who is safe or unsafe to do business with can change. It also highlights the importance of investing in real-time monitoring solutions that can discover hidden connections to these entities, who often act through seemingly legitimate middlemen that conceal nefarious state and non-state-backed activity.
U.S. Chipmaker Micron Unveils $150bn Global Expansion Plan
Story summary: Micron Technology said it will invest $150 billion in chip manufacturing and research and development over the next decade as governments around the world vie to bring vital semiconductor production on shore.
Interos Insight: As the semiconductor shortage goes on, companies like Micron are evaluating their business model, including the physical locations where their products are made. Countries like the United States have begun creating location-based tax incentives, an about-face after ignoring on-shoring semiconductor production for decades due the high cost. However, Micron notes they expect that production costs in the United States will be 35% to 45% higher than elsewhere. While geographic location is important, Interos’ data connections suggest that most, if not all, semiconductor supply chains are connected to each other. This indicates that although capacity is expanding within industry, it will take more than one company’s investment in capacity to solve the supply and demand problem.
That’s this month’s Supply Beacon. Looking to learn more about supply chain risk and operational resilience? Check out Got a suggestion for next month’s newsletter? Send us the scoop at [email protected] or tweet us at @InterosInc!

View next

Ensure Operational Resilience

Request Contact

Build operational resiliency into your extended supply chain:

  • 889 compliance – ensure market access
  • Data sharing with 3rd parties and beyond – protect reputation
  • Concentration risk – ensure business continuity
  • Cyber breaches – assess potential exposure
  • Unethical labor – avoid reputational harm
  • On-boarding and monitoring suppliers – save time and money