How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic WorldHow 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World
A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
May 20, 2021
In 1947, as the world rebounded from the devastation of World War II, George Kennan's "Long Telegram" introduced containment, a strategy that guided the United States throughout the Cold War. Today, as the world again attempts to rebound from devastation, the international system is similarly on the brink of a new economy, new geopolitics, and new norms and policies.
Just as Kennan's telegram instigated a reimagined strategy for the post-war era, the United States similarly needs a jump-start now toward a modernized and technology-focused strategy for the post-pandemic world order. Importantly, this impetus must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies. It is not only overdue but absolutely critical to economic and national security.
What the Executive Orders Aim to Do
The one-two punch of the recent and upcoming executive orders on supply chains and cybersecurity may well be this jump-start and set the foundation for a significant and much-needed shift in US grand strategy.
In April, administration officials began releasing discrete details regarding the anticipated cybersecurity executive order, including data breach disclosure and security requirements, such as multifactor authentication and encryption, inside federal agencies. Framed in part as a response to the SolarWinds supply chain attack, the executive order comes at a time when the United States' tech and cyber strategy lags behind ongoing geopolitical realities.
As SolarWinds demonstrated, cybersecurity and supply chains are tightly interdependent. The upcoming cybersecurity executive order may include a "software bill of materials" for critical programs to specify the code and components and underscore digital supply chain security. This complements many aspects of February's Executive Order on America's Supply Chains, which similarly places an emphasis on securing critical technologies, including batteries and semiconductors. The supply chain executive order leans heavily on emerging technologies, including securing access to semiconductors, high-capacity batteries, and the materials that create them. Both executive orders address the need for collective economic and national security with allies, like-minded countries, and the private sector as essential to the collective security of all.
Competing Tech Philosophies: Democracy vs. Authoritarianism
Taken together, these two executive orders have the opportunity to reimagine and restructure American strategy on par with the geopolitical and geo-economic tectonic shifts underway. They not only are a response to the techno-authoritarian playbook that continues to spread across the globe, but they also can provide a counterpunch.
With a focus on data security, data sharing, and collaboration with partners, the cybersecurity executive order can make a global contrast between the techno-authoritarian model — focused on data theft, manipulation, abuse, surveillance, and control — and the nascent digital democracy movement. These are opposing philosophies on technology, and whoever wins this "tech race" will shape the 21st century and the future of democracy.
A recent ITIF study addresses this competition and denotes the need for a "digital realpolitik" — a guiding doctrine that places digital considerations at the forefront of a national strategy. While these executive orders will not be the entire solution, they can serve as a significant point of departure from previous eras and establish the foundation for an American strategy in this era of geopolitical and technological competition as well as renewed and reimagined geopolitical and technological collaboration. In fact, there is already a bipartisan bill — the Democracy Technology Partnership Act — aimed at fostering this kind of collaboration and innovation among democracies.
Balancing Inward Investment with Outward Collaboration
Recent incidents including SolarWinds, Exchange, Pulse Secure, and Codecov demonstrate that cybersecurity and supply chains are inextricably linked. As the supply chain executive order notes, "resilient supply chains are secure and diverse." This is why the combination of these two executive orders has the rare opportunity to provide a significant departure point and a unified plan to better prepare the United States for the technological competition that is reshaping the global order. If fully executed, these executive orders have the potential to begin the significant shift toward a comprehensive and integrated technology and geopolitical strategy.
The biggest risk emerging from these orders is the inherent tendency to look backward and revert to paradigms of previous eras. In fact, the strong economic nationalism spreading across the globe is a great example of this risk. The complexity and interdependence of today's supply chains, coupled with the global and dynamic threat landscape, render economic nationalism a self-defeating strategy. These executive orders, fortunately, balance inward investment with outward collaboration. Each is essential to promote competition, security, and innovation domestically while leveraging the comparative advantages of democratic allies and movement toward trustworthy and secure products and networks.
The cybersecurity and supply chain executive orders certainly have limitations in their breadth of reach and are not intended to fill the gaps of a much-needed national technology strategy. However, they can be a significant pivot away from old paradigms and toward tackling the realities of this new world order. In fact, given the daunting scope of these challenges and their direct implications on democracy at home and abroad, starting with a few small steps may be exactly what is needed to jump-start a new strategy focused on the hard work of innovation, security, and defense in an era of technological competition.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks