Dark Reading is part of the Informa Tech Division of Informa PLC

5/20/2021
10:00 AM

How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World

A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.

In 1947, as the world rebounded from the devastation of World War II, George Kennan's "Long Telegram" introduced containment, a strategy that guided the United States throughout the Cold War. Today, as the world again attempts to rebound from devastation, the international system is similarly on the brink of a new economy, new geopolitics, and new norms and policies.

Just as Kennan's telegram instigated a reimagined strategy for the post-war era, the United States similarly needs a jump-start now toward a modernized and technology-focused strategy for the post-pandemic world order. Importantly, this impetus must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies. It is not only overdue but absolutely critical to economic and national security.

What the Executive Orders Aim to Do
The one-two punch of the recent and upcoming executive orders on supply chains and cybersecurity may well be this jump-start and set the foundation for a significant and much-needed shift in US grand strategy.

In April, administration officials began releasing discrete details regarding the anticipated cybersecurity executive order, including data breach disclosure and security requirements, such as multifactor authentication and encryption, inside federal agencies. Framed in part as a response to the SolarWinds supply chain attack, the executive order comes at a time when the United States' tech and cyber strategy lags behind ongoing geopolitical realities. 

As SolarWinds demonstrated, cybersecurity and supply chains are tightly interdependent. The upcoming cybersecurity executive order may include a "software bill of materials" for critical programs to specify the code and components and underscore digital supply chain security. This complements many aspects of February's Executive Order on America's Supply Chains, which similarly places an emphasis on securing critical technologies, including batteries and semiconductors. The supply chain executive order leans heavily on emerging technologies, including securing access to semiconductors, high-capacity batteries, and the materials that create them. Both executive orders address the need for collective economic and national security with allies, like-minded countries, and the private sector as essential to the collective security of all.

Competing Tech Philosophies: Democracy vs. Authoritarianism
Taken together, these two executive orders have the opportunity to reimagine and restructure American strategy on par with the geopolitical and geo-economic tectonic shifts underway. They not only are a response to the techno-authoritarian playbook that continues to spread across the globe, but they also can provide a counterpunch. 

With a focus on data security, data sharing, and collaboration with partners, the cybersecurity executive order can make a global contrast between the techno-authoritarian model — focused on data theft, manipulation, abuse, surveillance, and control — and the nascent digital democracy movement. These are opposing philosophies on technology, and whoever wins this "tech race" will shape the 21st century and the future of democracy. 

A recent ITIF study addresses this competition and denotes the need for a "digital realpolitik" — a guiding doctrine that places digital considerations at the forefront of a national strategy. While these executive orders will not be the entire solution, they can serve as a significant point of departure from previous eras and establish the foundation for an American strategy in this era of geopolitical and technological competition as well as renewed and reimagined geopolitical and technological collaboration. In fact, there is already a bipartisan bill — the Democracy Technology Partnership Act — aimed at fostering this kind of collaboration and innovation among democracies. 

Balancing Inward Investment with Outward Collaboration
Recent incidents including SolarWinds, Exchange, Pulse Secure, and Codecov demonstrate that cybersecurity and supply chains are inextricably linked. As the supply chain executive order notes, "resilient supply chains are secure and diverse." This is why the combination of these two executive orders has the rare opportunity to provide a significant departure point and a unified plan to better prepare the United States for the technological competition that is reshaping the global order. If fully executed, these executive orders have the potential to begin the significant shift toward a comprehensive and integrated technology and geopolitical strategy. 

The biggest risk emerging from these orders is the inherent tendency to look backward and revert to paradigms of previous eras. In fact, the strong economic nationalism spreading across the globe is a great example of this risk. The complexity and interdependence of today's supply chains, coupled with the global and dynamic threat landscape, render economic nationalism a self-defeating strategy. These executive orders, fortunately, balance inward investment with outward collaboration. Each is essential to promote competition, security, and innovation domestically while leveraging the comparative advantages of democratic allies and movement toward trustworthy and secure products and networks.

The cybersecurity and supply chain executive orders certainly have limitations in their breadth of reach and are not intended to fill the gaps of a much-needed national technology strategy. However, they can be a significant pivot away from old paradigms and toward tackling the realities of this new world order. In fact, given the daunting scope of these challenges and their direct implications on democracy at home and abroad, starting with a few small steps may be exactly what is needed to jump-start a new strategy focused on the hard work of innovation, security, and defense in an era of technological competition. 

Dr. Andrea Little Limbago is a computational social scientist specializing in the intersection of technology, national security, and society. As the Vice President of Research and Analysis at Interos, Andrea leads the company's research and analytic work modeling global ...
 

Comments
MattSheaMixMode,
User Rank: Author
5/22/2021 | 7:38:42 PM
Thank You
Great article and I appreciate the connection to the end of the WWII era and the foundations created for the Cold War at the end of the last Century. With regards to supply chain, it seems like the recent EO's from the White House are a step in the right direction but need to continue and go further.

 

Specifically, incorporate AI and other technology and processes for anomaly detection and Zero Trust, not just on network topology but behavioral elements of users, entities, devices and software processes.

Thanks,

 