Dark Reading is part of the Informa Tech Division of Informa PLC


How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World

A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.

In 1947, as the world rebounded from the devastation of World War II, George Kennan's "Long Telegram" introduced containment, a strategy that guided the United States throughout the Cold War. Today, as the world again attempts to rebound from devastation, the international system is similarly on the brink of a new economy, new geopolitics, and new norms and policies.

Just as Kennan's telegram instigated a reimagined strategy for the post-war era, the United States similarly needs a jump-start now toward a modernized and technology-focused strategy for the post-pandemic world order. Importantly, this impetus must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies. It is not only overdue but absolutely critical to economic and national security.


What the Executive Orders Aim to Do
The one-two punch of the recent and upcoming executive orders on supply chains and cybersecurity may well be this jump-start and set the foundation for a significant and much-needed shift in US grand strategy.

In April, administration officials began releasing discrete details regarding the anticipated cybersecurity executive order, including data breach disclosure and security requirements, such as multifactor authentication and encryption, inside federal agencies. Framed in part as a response to the SolarWinds supply chain attack, the executive order comes at a time when the United States' tech and cyber strategy lags behind ongoing geopolitical realities. 

As SolarWinds demonstrated, cybersecurity and supply chains are tightly interdependent. The upcoming cybersecurity executive order may include a "software bill of materials" for critical programs to specify the code and components and underscore digital supply chain security. This complements many aspects of February's Executive Order on America's Supply Chains, which similarly places an emphasis on securing critical technologies, including batteries and semiconductors. The supply chain executive order leans heavily on emerging technologies, including securing access to semiconductors, high-capacity batteries, and the materials that create them. Both executive orders address the need for collective economic and national security with allies, like-minded countries, and the private sector as essential to the collective security of all.

Competing Tech Philosophies: Democracy vs. Authoritarianism
Taken together, these two executive orders have the opportunity to reimagine and restructure American strategy on par with the geopolitical and geo-economic tectonic shifts underway. They not only are a response to the techno-authoritarian playbook that continues to spread across the globe, but they also can provide a counterpunch. 

With a focus on data security, data sharing, and collaboration with partners, the cybersecurity executive order can make a global contrast between the techno-authoritarian model — focused on data theft, manipulation, abuse, surveillance, and control — and the nascent digital democracy movement. These are opposing philosophies on technology, and whoever wins this "tech race" will shape the 21st century and the future of democracy. 

A recent ITIF study addresses this competition and points to the need for a "digital realpolitik" — a guiding doctrine that places digital considerations at the forefront of a national strategy. While these executive orders will not be the entire solution, they can serve as a significant point of departure from previous eras and establish the foundation for an American strategy in this era of geopolitical and technological competition as well as renewed and reimagined geopolitical and technological collaboration. In fact, there is already a bipartisan bill — the Democracy Technology Partnership Act — aimed at fostering this kind of collaboration and innovation among democracies.

Balancing Inward Investment with Outward Collaboration
Recent incidents including SolarWinds, Exchange, Pulse Secure, and Codecov demonstrate that cybersecurity and supply chains are inextricably linked. As the supply chain executive order notes, "resilient supply chains are secure and diverse." This is why the combination of these two executive orders has the rare opportunity to provide a significant departure point and a unified plan to better prepare the United States for the technological competition that is reshaping the global order. If fully executed, these executive orders have the potential to begin the significant shift toward a comprehensive and integrated technology and geopolitical strategy. 

The biggest risk emerging from these orders is the inherent tendency to look backward and revert to paradigms of previous eras. In fact, the strong economic nationalism spreading across the globe is a great example of this risk. The complexity and interdependence of today's supply chains, coupled with the global and dynamic threat landscape, render economic nationalism a self-defeating strategy. These executive orders, fortunately, balance inward investment with outward collaboration. Each is essential to promote competition, security, and innovation domestically while leveraging the comparative advantages of democratic allies and movement toward trustworthy and secure products and networks.

The cybersecurity and supply chain executive orders certainly have limitations in their breadth of reach and are not intended to fill the gaps of a much-needed national technology strategy. However, they can be a significant pivot away from old paradigms and toward tackling the realities of this new world order. In fact, given the daunting scope of these challenges and their direct implications on democracy at home and abroad, starting with a few small steps may be exactly what is needed to jump-start a new strategy focused on the hard work of innovation, security, and defense in an era of technological competition. 

Dr. Andrea Little Limbago is a computational social scientist specializing in the intersection of technology, national security, and society. As the Vice President of Research and Analysis at Interos, Andrea leads the company's research and analytic work modeling global ...
User Rank: Author
5/22/2021 | 7:38:42 PM
Thank You
Great article and I appreciate the connection to the end of the WWII era and the foundations created for the Cold War at the end of the last century. With regards to supply chain, it seems like the recent EOs from the White House are a step in the right direction but need to continue and go further.

Specifically, incorporate AI and other technology and processes for anomaly detection and Zero Trust, not just on network topology but behavioral elements of users, entities, devices and software processes.

