Fortifying Critical Infrastructure: 5 Insights from U.S. Leaders on Securing Supply Chains

July 18, 2024

Article

The recent Exiger and POLITICO event, “On the Watch: Securing America’s Supply Chain for Critical Infrastructure,” focused on the need for resilient supply chains to bolster national security and safeguard U.S. critical infrastructure amid threats from foreign adversaries.

Exiger CEO Brandon Daniels’ opening remarks underscore the urgency: “Our supply chains are in danger. We’ve seen things like counterfeit metals getting into syringes that deliver lifesaving drugs to people or even into our aircraft. We’ve seen things like Russian software lurking inside of our federal government infrastructure. We’ve seen issues like companies masquerading as U.S. companies that are truly owned by adversaries.”

U.S. leaders from various federal agencies, Congress, and the supply chain industry shared insights on these challenges. Here are five key takeaways:

1. The ‘Silent War’: Supply Chains Are the New Front Line

“Today there is more widespread understanding that our critical infrastructure is on the front lines,” says Brandon Wales, Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA). “It is highly likely that the first shot in the next war will be in cyber targeting of critical infrastructure.”

Major General Cameron Holt, President of Exiger Government Solutions, sees a need for vigilance against foreign adversaries on multiple fronts, emphasizing that the U.S. is in a “silent war” over supply chains and access to critical materials and technologies.

“We’re now coming to grips with the full impact of what the Chinese Communist Party (CCP) has been doing over decades,” he says. “The CCP has really been focused on what America does not see as war, which is economic and information coercion and manipulation in a predatory fashion. And over the decades they’ve been engaged in that in a very methodical process.” (See more of the discussion in the video clip below.)

With these escalations going far beyond IP theft, scale is also a major concern — not only in technological advancement, but also manufacturing and critical infrastructure. “China’s targeting of our critical infrastructure continues unabated, and we should not delude ourselves into thinking that the work that we are doing is going to stop them from trying to achieve their goals,” Wales adds.

In order to remain viable and competitive, U.S. companies and federal agencies alike must be able to withstand very advanced state-actor adversarial threats — and this requires investing in the right technology to gain end-to-end visibility of the relevant supply chains, as well as using the right tools to share risk insights within the U.S. federal agency ecosystem.

2. Cyber Vigilance Required: State-Sponsored Threats Loom Over U.S. Critical Infrastructure

Foreign adversaries — particularly those affiliated with the Chinese government — continue to weaponize cyberspace for the purpose of causing destruction or disruption to U.S. critical infrastructure. Wales says that Chinese hackers have been persistent in targeting sectors that they believe will induce societal panic — not always large assets, but rather carefully selected and geographically dispersed critical infrastructure.

To combat this, Wales emphasizes the need for the private industry — particularly critical infrastructure owners and operators — to prioritize the security of their supply chains against state actors like China and ransomware perpetrators in order to protect national security, economic security, and public health and safety. This includes ensuring physical security measures, as well as implementing better cyber practices and taking a risk-based approach to building supply chain visibility and resilience.

[Watch our webinar on demand: Assuring Software Products in Critical Systems]

3. Overcoming ‘Lawfare’: Government and Industry Must Collaborate

As foreign entities increasingly circumvent regulatory measures, enhanced information sharing between U.S. federal agencies and private industry has become vital to safeguard supply chains for critical infrastructure. While legislation like the 2019 National Defense Authorization Act (NDAA) promotes supply chain resilience, public-private partnerships are essential for mitigating risks and securing resources.

Jeanette McMillian, Assistant Director for the NCSC’s Supply Chain and Cyber Directorate, stresses the need for a safe harbor to mitigate litigation fears, or “lawfare.” This approach would foster improved information sharing between the government and private corporations, enabling quicker identification of problematic suppliers and preventing repeated cyberattacks.

Wales adds, “Our goal is to understand how an attack was conducted and get that information out to the entire ecosystem… That is why the information exchange and the collaboration with industry is so important.”

“It’s a team sport,” says McMillian.

“Our goal is to understand how an attack was conducted and get that information out to the entire ecosystem… That is why the information exchange and the collaboration with industry is so important.”

Jeanette McMillian, Assistant Director for the NCSC's Supply Chain and Cyber Directorate

4. Single-Source Risks: Balancing Cost-Efficiency and National Security

Recent global events in Ukraine and Israel highlight the need for supply chain diversification. These crises have illuminated the risks associated with economic efficiency-driven decisions that often result in single sources of supply, potentially compromising security.

U.S. Rep. Mikie Sherrill (D-NJ) points to some progress on this issue, with legislative efforts to enhance supply chain resilience, boost sourcing diversification, and close information gaps. The 2019 NDAA now requires the military to improve supply chain traceability for suppliers and producers, and it helped prompt a successful intervention in the antimony supply chain, previously dependent on a single source from China. By reviving production at an old gold mine in Idaho, the U.S. was able to diversify its antimony supply, enhancing supply chain resilience while maintaining environmental protection.

“Capacity is a capability,” says Eric Fanning, President and CEO of the Aerospace Industries Association. Paying attention to long-term demand signals to invest in maintaining capacity can boost supply chain resilience. This effort also benefits from AI-driven solutions that help identify alternative sources of supply to mitigate concentration risk.

5. Fortify Your Supply Chain: Embrace AI-Driven, Multi-Tier Visibility

The confluence of geopolitical tensions in Ukraine and Israel, as well as the persistent cyberattacks on U.S. critical infrastructure by Chinese hackers, has highlighted the pressing need for end-to-end supply chain visibility. With 65% of executives lacking visibility beyond their Tier 1 suppliers, the urgency for comprehensive supply chain management tools is clear.

“If you are not investing in tools, such as AI, to get that depth of visibility into your third-party ecosystem, you risk exposure and losing long-term viability,” warns Carrie Wibben, President of Exiger.

To thrive amid evolving threats, U.S. companies and federal agencies must prioritize supply chain resilience, leveraging data-driven technologies like 1Exiger in their core strategies. The 1Exiger platform can deliver the precision required to identify suppliers, customers, and other entities in a third-party ecosystem with potential exposure to sanctions, as well as forced labor or foreign ownership risks.

Technology in the 1Exiger platform suite also offers end-to-end visibility down to the nth tier of suppliers, revealing risk insights at the item, part, and raw material levels of the supply chain.

Request a demo today to see why Exiger is the market leader in AI-driven, multi-tier supply chain visibility.