The U.S. is facing heightened cybersecurity risk to the industrial supply chain amid increased global competition in manufacturing, according to an expert panel that addressed cybersecurity threats to the U.S. supply chain at the Hack the Capitol 2021 conference Tuesday. Policy coordination gaps between the private and public sectors also contribute to the security concerns.
The industrial sector heavily depends on rising economic powers such as China, which has a goal of becoming the major hardware and software supplier to other countries, part of its Digital Silk Road strategy, Nina Kollars, associate professor at the U.S. Naval War College, said during the panel. Companies such as Huawei have faced scrutiny over whether their products pose a national security risk.
Small- to medium-sized businesses as well as local and state governments are facing increased risk of cyberattacks, Alexiaa Jordan, innovation, cyber and national security analyst at the Lincoln Network, said during the panel discussion. They often lack the resources to proactively hunt for threats or meet federal cybersecurity requirements designed to protect against sophisticated threat actors.
A rise in cyberattacks against the U.S. supply chain, particularly the 2020 SolarWinds attack and the 2021 hack of an Oldsmar, Florida water treatment facility, was a wake-up call for industry that the U.S. was not prepared to thwart a new generation of sophisticated threat actors.
From the perspective of an ICS vendor, the issue comes down to how a company sources, ships and helps customers maintain and operate products that live in their environments for up to 20 years.
"Once those components enter into your overall supply chain for building a product, or a system or a system of systems you have, you have mechanisms to inspect different components to ensure that they don't have what we would call additional or undocumented functionality within the product," said Megan Samford, VP and chief product security officer, energy management at Schneider Electric. "And that's really a fancy way of saying backdoors."
The federal government has previously taken steps to address supply chain issues facing the U.S. that were considered potential threats to national security.
In 2019, the Trump administration issued an executive order that blocked spending on firms that were deemed national security threats. That executive order was extended in 2020, and in June of last year the FCC designated smartphone maker Huawei and ZTE Corp. as national security threats.