R Street Policy Study No. 170: Broadening the Lens on Supply Chain Security in the Cyber Domain

WASHINGTON (April
15) – Last year’s John S. McCain National Defense Authorization Act banned
government use of certain products from Chinese firms Huawei and ZTE. But
these firms are not the only foreign companies that pose a risk to American
national security.

In a new policy study, R Street Senior Fellow Paul Rosenzweig and Research Associate Kathryn Waldron discuss how Huawei and ZTE are not isolated threats. Other companies from China and Russia, such as Lenovo and Kaspersky, may also pose threats to American national security, given their countries’ problematic legal structures and history of cyber espionage. 

Until now, the United
States has lacked a unified strategy for dealing with supply chain
vulnerabilities. Waldron and Rosenzweig argue that the fragmentation of
responsibility makes cross-department communication and cooperation all the
more imperative. If the U.S. approach to supply chain risk is not transparent,
American citizens will be put at risk.

The new Federal
Acquisition Security Council, created by the SECURE Technology Act, will need
to address a number of issues. They must determine what public and private
sector assets to protect from supply chain risk. They must recognize the
malicious tactics, techniques and procedures that threat actors are likely to
use in order to accomplish their objectives. They must identify the
vulnerabilities that exist in U.S. information systems and employ the most
effective defensive measures for thwarting adversaries and recovering from
failed mitigation efforts. They must design metrics to accurately assess supply
chain threats and the methods used to address those threats.

The authors
conclude that America should not isolate itself in an increasingly
interconnected world, but it must aim for “supply chain assurance—the certainty
that raw materials and manufactured components that are vital to our national
defense and homeland security do not depend too extensively on availability from
more risky non-American sources.”

Featured Publications

In the News Cybersecurity Policy, Data Security and Data Privacy, Federal Government Affairs

Congressional privacy bill looks to rein in data brokers

Brandon Pugh April 15, 2024 CyberScoop

Analysis Cybersecurity, Cybersecurity Policy

Balancing Risk and Reward: AI Risk Tolerance in Cybersecurity

Haiman Wong, Amy Chang, Brandon Pugh April 15, 2024

Op-Eds California, Electoral Reform, Federal Government Affairs, Governance, State Policy

From Donald Trump to Katie Porter, election denialism is on the rise. It’s time for voters to fight back.

Matt Germer March 30, 2024 Orange County Register

Op-Eds California, Insurance, Insurance Regulation, State Policy

Meddling California lawmakers risk sending landlords out of rental business

Steven Greenhut April 12, 2024 Orange County Register

Op-Eds Electoral Reform, Governance

Lessons From 1968 for a Tumultuous 2024

Eli Lehrer April 9, 2024 DC Journal

In the News Criminal Justice and Civil Liberties, Policing

Anti-Violence Activist Says N.Y.P.D. Leaders Defamed Her Over Criticism

Jillian Snider April 12, 2024 The New York Times

Podcasts State Policy, Technology and Innovation

‘If you can make them laugh, they’ll remember things’

April 12, 2024 Mackinac Center for Public Policy

In the News Governance

Biden, Kishida upgrade security ties; China cited by name in unusual move

Thomas Cynkin April 12, 2024 Straits Times

Real Solutions Electricity Policy, Energy and Environment, Low-Energy Fridays, State Policy, Texas

Low-Energy Fridays: Missed Connections with the Texas Grid  

Josiah Neeley April 12, 2024

In the News Federal Government Affairs, Harm Reduction, Opioid Harm Reduction

Booker, Colleagues Introduce Bipartisan SEEK HELP Act to Save Lives Amidst Overdose

Mazen Saleh April 11, 2024 Senator Cory Booker