Skip to main content
close search
site logo
Dive Brief

Global supply chains grapple with international cyberpowers

Published April 26, 2021
Samantha Schwartz's headshot
Samantha Schwartz Reporter
cyberattack, privacy, connection
Stock Photo via Getty Images

Dive Brief:

  • The federal government includes the private sector in its purview of cybersecurity intentions, which sets cyber standards and invests in next-generation technologies. Significant costs will go into aiding local governments divesting in — "and in some cases rip out and replace" — risky vendors," said Rep. Mike Gallagher, R-WI, said during the Billington CyberSecurity Defense Summit Thursday. Currently, the government doesn't know how deep those existing investments are. 
  • Forcing companies to buy exclusively U.S.-based technology solutions is a non-option, though. The supply chain will never be solely domestic, which means companies and government need a "buy ally" framework, said Gallagher, who is co-chair of the Cyberspace Solarium Commission (CSC). 
  • Funding and investments in allies build that trusted supply chain, not only in the sense of supporting private industry but the analysis required for understanding what makes a partner trustworthy, said Suzanne Spaulding, senior advisor for Homeland Security, director of the Defending Democratic Institutions Project, during the panel.

Dive Insight:

As private industry becomes intertwined with geopolitics via cyber, governments will have to grapple with how they balance national security, business continuity and intellectual property protection. For some in the private sector, cooperation can feel like a battle of conflicting interests between the sectors. 

Adversarial behaviors, like the SolarWinds or Microsoft Exchange hacks, are not the only activities that define a cyberpower. Cyberpower is also influenced by technology decisions or policies countries make. For example, the U.S.' unwillingness to deploy China-based Huawei juxtaposed to China's interest in Huawei's international presence. 

Chris Inglis, distinguished visiting professor in cybersecurity studies at the U.S. Naval Academy and President Joe Biden's pick for national cyber director, would like to see Congress adopt more of the CSC's recommendations that bolster contributions to the private sector. 

The government, separately, should have "its own house in order," while increasingly engaging with private industry, he said during the panel. 

The combination of investments and supply chain scrutiny could improve the U.S. international cyberpower standing. 

The dominant cyberpowers of the world are the U.S., China, Russia, Israel and the U.K., according to research from Harvard Kennedy School's Belfer Center. To achieve "cyberpower" status, countries need a combination of capability and intent, not only offensive measures. 

Belfer Center researchers measured the top 10 countries based on cyber power based on publicly available data around 27 indicators. The U.S. ranked first, followed by China, the U.K. and then Russia. Russia ranked as the top country for surveillance activity, the U.S. for control and China for commercial. The U.K. dominated in defense, offense, intelligence and norms. 

Sophisticated operations are not always needed for an adversary to achieve its goals. For example, Russia's SolarWinds compromise was a patient, subtle attack, whereas China's Microsoft Exchange exploitation was a chance opportunity after the vulnerability became public. 

Russia's overall fourth place ranking is due to it's very specific objectives, with strong capabilities solely dedicated to those goals. Russia's intentions typically fall in line with trust erosion, according to the Belfer Center's research. Threat groups intend to undermine trust-based systems used domestically and abroad, using disinformation campaigns or corrupting software updates, as it did with SolarWinds Orion. 

The extent to which the U.S. can strike back is limited. The U.S. is not prepared enough to act offensively, said retired Gen. Keith Alexander, founder and CEO of IronNet, and former commander of the U.S. Cyber Command, during the Thursday summit. 

"You're not ready for a fight in cyberspace, you have more to lose than they do," he said, referring to U.S.-owned IP. 

Alexander sees a solution in collaborating with companies under the defense industrial umbrella, with input from smaller companies. "What we learned from SolarWinds is, their objective was the federal government," he said. "I don't think their target was 18,000 companies. In fact, that would be crazy to try to deal with 18,000 companies … but they got more than they bargained for."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Threats
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell