15) – Last year’s John S. McCain National Defense Authorization Act banned
government use of certain products from Chinese firms Huawei and ZTE. But
these firms are not the only foreign companies that pose a risk to American
national security.

In a new policy study, R Street Senior Fellow Paul Rosenzweig and Research Associate Kathryn Waldron discuss how Huawei and ZTE are not isolated threats. Other companies from China and Russia, such as Lenovo and Kaspersky, may also pose threats to American national security, given their countries’ problematic legal structures and history of cyber espionage. 

Until now, the United
States has lacked a unified strategy for dealing with supply chain
vulnerabilities. Waldron and Rosenzweig argue that the fragmentation of
responsibility makes cross-department communication and cooperation all the
more imperative. If the U.S. approach to supply chain risk is not transparent,
American citizens will be put at risk.

The new Federal
Acquisition Security Council, created by the SECURE Technology Act, will need
to address a number of issues. They must determine what public and private
sector assets to protect from supply chain risk. They must recognize the
malicious tactics, techniques and procedures that threat actors are likely to
use in order to accomplish their objectives. They must identify the
vulnerabilities that exist in U.S. information systems and employ the most
effective defensive measures for thwarting adversaries and recovering from
failed mitigation efforts. They must design metrics to accurately assess supply
chain threats and the methods used to address those threats.

The authors
conclude that America should not isolate itself in an increasingly
interconnected world, but it must aim for “supply chain assurance—the certainty
that raw materials and manufactured components that are vital to our national
defense and homeland security do not depend too extensively on availability from
more risky non-American sources.”

Featured Publications