RSA 2021 Recap – Supply Chain Resilience & Techtonic Geopolitical Shifts

May 26, 2021
Andrea Little Limbago

2020 was a global inflection point for supply chains – and so much more. Economic nationalism, a splintering internet, and geopolitical tensions were simmering long before 2020, but were accelerated by the pandemic. The global shock also deepened the growing global divide between authoritarian and democratic ideologies around technology, expediting the emergence of distinct technospheres of influence. Driven by geopolitical shifts and the rapid evolution of emerging technologies, these techtonic shifts are already reshaping and redefining global supply chains. At last week’s RSA, I had the opportunity to discuss these global shifts and what forward-leaning companies should consider when seeking “Supply Chain Resilience in a Time to Techtonic Geopolitical Shifts”.

In addition to the horrific human toll, the COVID-19 pandemic punctuated the global order between Before Times and the post-pandemic era.

A Tale of Two Techno-Ideologies

The Chinese model of digital authoritarianism has spread aggressively. The model leverages technology to surveil, repress, and manipulate domestic and foreign populations. The tools and tactics inherent in this techno-ideology increasingly wreak havoc on both citizens and supply chains. With the steady beat of digital supply chain attacks, internet shutdowns, digital sovereignty stifling cross-border data flows, and government surveillance and mandates to access data, the digital authoritarian model is taking root across the globe.

A counter-weight is starting to emerge based on the aspirational visions of a secure, open, trusted, and free Internet. This nascent digital democracy model is beginning to address security and privacy through a multi-stakeholder lens and prioritizes collaboration and cooperation as well as individual data rights and protections.

Just as these distinct approaches continue to accelerate the splintering of the Internet, they are now leading to a splintering of supply chains and the technologies that undergird them. Government and private sector entities alike are increasingly reimagining supply chains based on trustworthy networks – with a specific focus on trusted suppliers and products.

Techno-spheres of Influence

How are these divergent ideologies impacting global supply chains? There are (at least) three core areas: trade wars, regulatory shifts, and global hot spots. In each of these, geopolitics and diverging approaches to technology are changing the risk calculus and cost of doing business at home and abroad.

  • Global Trade Wars: Just as the weaponization of cyber has shifted power structures across the globe, so too is the weaponization of trade. Governments are increasingly seeking to leverage industrial policy for national interests. Weaponized cyber programs are being paired with specific industrial policies to threaten supply chains. As the IMF recently summarized, “Technology wars are becoming the new trade wars.” And these technology wars are further exacerbated by opposing perspectives on the rules and norms surrounding the use of technology.

These disputes continue to influence corporate decisions regarding reshoring, onshoring, as well as alternative suppliers especially when geographic concentration risks are considered. In recent surveys, almost a quarter of companies plan to relocate supply chains and three-quarters have enhanced their scope of existing reshoring. Tariffs and market pressures have driven many of these changes, but a shifting regulatory landscape provides additional fodder for reassessing supply chain resilience.

  • Regulatory Shifts: To offset the risks posed by digital authoritarians, democracies across the globe have begun to prohibit or restrict foreign technologies. The U.S. Departments of Commerce, Treasury, State, Homeland Security, and Defense have all produced an uptick in export, re-export and capital flows restrictions. As the chart below highlights, the Bureau of Industry and Security at the Department of Commerce alone has added over 350 different Chinese entities to restricted lists since 2019.

Many countries are also leveraging industrial policy, such as the patchwork of 5G restrictions within Europe as well as India and Australia. China has also implemented its own unreliable entity list which could further pose challenges for global brands. Finally, the data protection and privacy landscape provides one more layer of complexity. Many countries are crafting similar laws to the GDPR. On the other hand, some nations are creating regulations in the mold of Cambodia’s internet autarky, Kazakhstan’s digital certs, and Ecuador’s all-seeing eye. All of these policy approaches introduce localized data risks.

  • Global Hot Spots: While major power competition dominates national security discourse, global supply chains are also impacted by a rise in instability. Cyber and emerging technologies have introduced asymmetric power, wherein small countries can have an oversized impact due to the minimal resources and diminished price required to harness offensive cyber or emerging technologies. North Korea, Russia, and Iran are the usual suspects when considering the asymmetric nature of power, especially when considering the reach of campaigns such as SolarWinds or Iranian and North Korean campaigns against the financial industry.

Similar capabilities are now available across the globe and further exacerbate instability and unrest. For instance, Vietnam and Lebanon both have advanced persistent threat groups (APTs) linked to global campaigns. Meanwhile, localized conflicts between Armenia and Azerbaijan, Western Sahara and Morocco as well as the Tigray region have integrated foreign-made drones and disrupted energy markets, trade routes, and manufacturing supply chains, respectively.

Building Resilience Amidst Techtonic Shifts

What can be done to build resilience under these dynamic conditions? First, a collective security approach is essential. As a Wall Street Journal logistic report noted, “A substantial investment in securing customer data at one company can easily be undermined by a supplier with weak financial incentives for safeguards.” Second, in preparing for the ‘new normal,’ avoid the inherent inclination to prepare for yesterday’s risks and disruptions. This is not simply a new Cold War or the end of globalization, but rather a new order that includes risks new and old. Finally, gaining visibility across your entire supply chain ecosystem – as well as the data that flows through it – is paramount. Data and privacy risks are increasingly localized, and borders do exist on the internet.

Of course, these ongoing global shifts introduce a range of challenges. Decoupling and reshoring are expensive and costly, but it is important to keep in mind that it is not an all or nothing approach: We must prioritize based on criticality and dependencies. Keeping up with the regulatory shifts is also increasingly difficult, especially since some of these changes may occur below the radar if you don’t have a way to track them. And of course, mental models are hard to shift. It’s easier to assume the new normal will look like it did in Before Times, but that could leave organizations ill-prepared for tomorrow’s disruptions.

Despite these challenges, there are also significant opportunities. Resilience can be a competitive advantage. Preparations now for the range of disruptions will pay off down the road. Collective security and collaboration    can further strengthen resilience and help lead to more trustworthy and reliable networks. Finally, technology can help overcome blind spots and provide greater visibility and insights into the range of current and potential future disruptions.

Now is the time to either shape the future or be shaped by it. Based on the fascinating interactive Q&A session at RSA, there seems to be growing interest in these shifts and desire to do the hard work of building more resilient supply chains. Now it is on us to avoid a collective failure of imagination and reimagine supply chain resilience on par with these techtonic shifts.

View next

Ensure Operational Resilience

Request Contact

Build operational resiliency into your extended supply chain:

  • 889 compliance – ensure market access
  • Data sharing with 3rd parties and beyond – protect reputation
  • Concentration risk – ensure business continuity
  • Cyber breaches – assess potential exposure
  • Unethical labor – avoid reputational harm
  • On-boarding and monitoring suppliers – save time and money