On Thursday, the U.S. intelligence and security launched a “call to action” to address supply chain threats from foreign powers.
The National Counterintelligence and Security Center (NCSC) within the Office of the Director of National Intelligence, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Federal Communications Commission, and the Department of Defense’s Center for the Development of Security Excellence have joined in an effort to “raise awareness” of threats to U.S. supply chains made all too apparent in the wake of the Chinese coronavirus pandemic.
The NCSC warned foreign powers arrayed against U.S. interests are using vital supply chains as “attack vectors,” compromising products and services that “underpin America’s government and industry.” The effects of these efforts, they said, include “lost intellectual property, jobs, economic advantage, and reduced military strength.”
Acting NCSC Director Michael Orlando stressed the immediacy of the issue: “If the COVID-19 pandemic and resulting product shortages were not a sufficient wake-up call, the recent software supply chain attacks on U.S. industry and government should serve as a resounding call to action,” he said. “We must enhance the resilience, diversity, and security of our supply chains.” Orlando continued, saying the “vitality of our nation depends” on addressing threats posed by foreign adversaries.
The aforementioned agencies have partnered with the National Association of State Procurement Officials and the National Association of Counties for what the NCSC dubbed the “4th annual National Supply Chain Integrity Month.” They will use the time to highlight warnings that “actions by foreign adversaries to exploit vulnerabilities in U.S. supply chains” which “pose unique counterintelligence and security threats,” but also to address ongoing practical concerns such as production shortages, trade disruptions, and natural disasters.
Throughout April, @NCSCgov is teaming up with @CISAgov, @FCC, @TheCDSE, @NASPOnews, @NACoTweets and other organizations to raise awareness of supply chain threats and share info on risk mitigation. See new risk mitigation materials at: https://t.co/ubtkvPjvGY pic.twitter.com/PvQe0PiQPU
— NCSC (@NCSCgov) April 1, 2021
The NCSC referenced the now-infamous hack of Texas-based IT company SolarWinds, noting the attention it brought to a much larger issue. At the time, Microsoft President Brad Smith called the subversion of SolarWinds’ Orion security software “the largest and most sophisticated attack the world has ever seen.” But the attack was not the first, the NCSC said; merely one in a series of similar attempts at sabotage.
Other examples include the June 2017 “NotPetya” cyberattack against Ukraine’s financial, energy, and government sectors, at the time labeled “the most destructive and costly cyber attack in history,” as what the U.S. government described as “part of the Kremlin’s ongoing effort to destabilize” the country.
Despite a history of support for foreign trade deals, even President Biden acknowledged the supply chain crisis. In February, Biden signed an executive order for a thorough review of supply chains for computer chips, large capacity batteries, pharmaceuticals, “critical minerals,” and “rare earth materials.” On February 24, Biden said while “we all recognize that the particular problem won’t be solved immediately,” they “need to stop playing catch up after the supply chain crisis hit,” and “need to prevent the supply chain crisis from hitting in the first place.”