5/20/2021
10:00 AM
How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World

A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.

In 1947, as the world rebounded from the devastation of World War II, George Kennan's "Long Telegram" introduced containment, a strategy that guided the United States throughout the Cold War. Today, as the world again attempts to rebound from devastation, the international system is similarly on the brink of a new economy, new geopolitics, and new norms and policies.

Just as Kennan's telegram instigated a reimagined strategy for the post-war era, the United States similarly needs a jump-start now toward a modernized and technology-focused strategy for the post-pandemic world order. Importantly, this impetus must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies. It is not only overdue but absolutely critical to economic and national security.

What the Executive Orders Aim to Do
The one-two punch of the recent and upcoming executive orders on supply chains and cybersecurity may well be this jump-start and set the foundation for a significant and much-needed shift in US grand strategy.

In April, administration officials began releasing discrete details regarding the anticipated cybersecurity executive order, including data breach disclosure and security requirements, such as multifactor authentication and encryption, inside federal agencies. Framed in part as a response to the SolarWinds supply chain attack, the executive order comes at a time when the United States' tech and cyber strategy lags behind ongoing geopolitical realities. 

As SolarWinds demonstrated, cybersecurity and supply chains are tightly interdependent. The upcoming cybersecurity executive order may include a "software bill of materials" requirement for critical programs, an inventory of the code and components they contain, underscoring digital supply chain security. This complements many aspects of February's Executive Order on America's Supply Chains, which similarly emphasizes securing critical technologies, including batteries and semiconductors, and leans heavily on emerging technologies: securing access to semiconductors, high-capacity batteries, and the materials used to make them. Both executive orders treat collective economic and national security with allies, like-minded countries, and the private sector as essential to the security of all.

Competing Tech Philosophies: Democracy vs. Authoritarianism
Taken together, these two executive orders have the opportunity to reimagine and restructure American strategy on par with the geopolitical and geo-economic tectonic shifts underway. They are not only a response to the techno-authoritarian playbook that continues to spread across the globe, but can also provide a counterpunch.

With a focus on data security, data sharing, and collaboration with partners, the cybersecurity executive order can make a global contrast between the techno-authoritarian model — focused on data theft, manipulation, abuse, surveillance, and control — and the nascent digital democracy movement. These are opposing philosophies on technology, and whoever wins this "tech race" will shape the 21st century and the future of democracy. 

A recent ITIF study addresses this competition and denotes the need for a "digital realpolitik" — a guiding doctrine that places digital considerations at the forefront of a national strategy. While these executive orders will not be the entire solution, they can serve as a significant point of departure from previous eras and establish the foundation for an American strategy in this era of geopolitical and technological competition as well as renewed and reimagined geopolitical and technological collaboration. In fact, there is already a bipartisan bill — the Democracy Technology Partnership Act — aimed at fostering this kind of collaboration and innovation among democracies. 

Balancing Inward Investment with Outward Collaboration
Recent incidents including SolarWinds, Exchange, Pulse Secure, and Codecov demonstrate that cybersecurity and supply chains are inextricably linked. As the supply chain executive order notes, "resilient supply chains are secure and diverse." This is why the combination of these two executive orders has the rare opportunity to provide a significant departure point and a unified plan to better prepare the United States for the technological competition that is reshaping the global order. If fully executed, these executive orders have the potential to begin the significant shift toward a comprehensive and integrated technology and geopolitical strategy. 

The biggest risk emerging from these orders is the inherent tendency to look backward and revert to paradigms of previous eras. In fact, the strong economic nationalism spreading across the globe is a great example of this risk. The complexity and interdependence of today's supply chains, coupled with the global and dynamic threat landscape, render economic nationalism a self-defeating strategy. These executive orders, fortunately, balance inward investment with outward collaboration. Each is essential to promote competition, security, and innovation domestically while leveraging the comparative advantages of democratic allies and movement toward trustworthy and secure products and networks.

The cybersecurity and supply chain executive orders certainly have limitations in their breadth of reach and are not intended to fill the gaps of a much-needed national technology strategy. However, they can be a significant pivot away from old paradigms and toward tackling the realities of this new world order. In fact, given the daunting scope of these challenges and their direct implications on democracy at home and abroad, starting with a few small steps may be exactly what is needed to jump-start a new strategy focused on the hard work of innovation, security, and defense in an era of technological competition. 

Dr. Andrea Little Limbago is a computational social scientist specializing in the intersection of technology, national security, and society. As the Vice President of Research and Analysis at Interos, Andrea leads the company's research and analytic work modeling global ...
MattSheaMixMode,
User Rank: Author
5/22/2021 | 7:38:42 PM
Thank You
Great article and I appreciate the connection to the end of the WWII era and the foundations created for the Cold War at the end of the last century. With regard to supply chain, it seems like the recent EOs from the White House are a step in the right direction but need to continue and go further.

Specifically, incorporate AI and other technology and processes for anomaly detection and Zero Trust, not just on network topology but behavioral elements of users, entities, devices and software processes.

Thanks,