Overview
Recently-published reports from the U.S. government suggest that, due to COVID and U.S.-China trade tensions, U.S. policy is likely to continue a trend towards incentivizing supply chain de-coupling in the ICT sector where feasible.
On October 20, 2020, the Cyberspace Solarium Commission issued a white paper, “Building a Trusted Supply Chain,” that sets out a “five-pillar” plan to “reinvigorate American high-tech manufacturing and secure the United States’ Information and Communications Technologies (ICT) supply chains,” with a focus on materials, semiconductors, and finished ICT equipment. Established by Congress in 2018, the Commission is comprised of commissioners from both the public and private sectors and is co-chaired by Senator Angus King (I-ME) and Rep. Mike Gallagher (R-WI). This most recent white paper follows a lengthier report issued by the Commission in March 2020 that proposed a strategy of “layered cyber deterrence” as part of an ICT industrial base strategy to “reduce critical dependencies on untrusted” ICTs.
The white paper’s executive summary states:
“Put bluntly, in the context of our supply chains for ICT, the United States has a China problem. Over the past two decades, China has mobilized state-owned and state-influenced companies to grab a dominant position in markets for several emerging technologies.”
The white paper asserts that most of the U.S. ICT and other critical technology supply chains are exposed to cybersecurity risks that jeopardize American businesses and citizens and that undermine American competitiveness via Chinese “forced technology transfer and intellectual property theft.” The report also generally raises concerns with regard to the absence of a unified U.S. government strategy for ICT, for example with respect to 5G standards and infrastructure.
The white paper issues a number of recommendations to help the federal government and private sector achieve the prescribed goals. Some recommendations of note include: a Department of Homeland Security process to identify key ICTs and related materials; White House designation of a lead agency to coordinate ICT supply chain risk management efforts; Federal Communications Commission support on standards and spectrum policy as it relates to 5G; and designation of, and funding for, the Department of Commerce to undertake a study of localities’ potential to serve as economic clusters for critical technology manufacturing and solicit competitive bids from sub-central government entities to serve as clusters. The paper also emphasizes the need for close coordination with trusted countries and industry to develop a comprehensive industrial base strategy in order ensure the global competitiveness of critical supply chains and “to counter Chinese economic aggression.”
On November 6, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) published an analysis on disruptions to the supply chains of the Information and Communications Technology (ICT) industry caused by the COVID-19 pandemic. Authored by the Supply Chain Risk Management (SCRM) Task Force, “Building A More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic” highlights the critical nature of ICT “products, services and components [which] support the economy, keep citizens connected, including facilitating health care services through telemedicine, allowing employees to work remotely, keeping students engaged through remote learning, and enabling critical infrastructure through secure data centers and cloud services.”
The Report identified three major issues that negatively impacted supply chains for ICT during the first stage of the pandemic:
- Concentration: supply chains were concentrated in a single source/single region supplier, and when these particular suppliers could not provide products due to the pandemic, all downstream production stalled.
- Reliance on lean manufacturing: many manufacturers rely on lean inventory models, where companies hold little critical component surplus. This lack of backup supplies led to shortages when the pandemic began, which created delivery delays.
- Lack of supply chain visibility: while companies generally know their tier 1 suppliers, they rarely are able to identify other suppliers in their supply chains. Consequently, when shutdowns occurred as a result of the pandemic, many companies were unable to understand why their supply lines had been disrupted.