Supply Chain Integrity: It’s Not Just Cyber Anymore

By Jay Town

Vulnerable supply chains are the new frontier of national security providing malign foreign actors the ability to conduct cyberattacks, exfiltrate intellectual property and engage in economic espionage. In today’s business landscape, several parties interact with or “touch” valuable data. This increase in the number of interactions correlates to a higher risk of supply chain infiltrations. Even the most secure cyber environments do not protect from counterfeit, corrupted, or obsolete components entering the supply chain. Supply chain risks span across sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions across the enterprise and require a coordinated effort to address. 

Information and communications technology is integral for the daily operations and functionality of U.S. critical infrastructure. If vulnerabilities in the technology supply chain – composed of hardware, software, and managed services from third-party vendors, suppliers, service providers, and contractors – are exploited, the consequences can affect all users of that technology or service. 

While our cyber measures and firewalls are doing well guarding against the external intrusions, the threats attached to the supply chain are delivered on the components themselves directly through our borders. China and other nations depend on our false sense of security, provided by a fortified corporate cyber environment, so they can exploit other supply chain security vulnerabilities. This emerging “Trojan Horse” threat must be addressed directly with defense and offense.  

America’s Supply Chain Problem 

Much of our nation’s supply chain integrity issues stem from our dependence on single and sole source nations, primarily China. The U.S. has spent the last two decades offshoring its domestic supply chains to benefit from low-cost labor and eased environmental regulations. Free trade agreements have extended supply chains farther from American borders. These trade agreements were intended to strengthen and optimize U.S. supply chains, reduce costs and maintain competitive price points. However, they’ve landed U.S. supply chains in a precarious position. 

Despite our reliance upon China for retail goods, commercial products, medical supplies, rare earth minerals and much more, the country is clear about its intentions to jeopardize our national security through supply chain threats. It doesn’t matter whether the products are commercial, industrial or military, Communist China and other nemeses are intent upon corrupting the integrity of every American supply chain.

FBI Director Christopher Wray, during remarks at the Hudson Institute earlier this year, admonished that, “The greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality, is the counterintelligence and economic espionage threat from China. It’s a threat to our economic security—and by extension, to our national security.” 

The annual cost to the U.S. economy for counterfeit goods, pirated software and theft of trade secrets is upwards of $600 billion.  The FBI assesses that 80 percent of all federal economic espionage prosecutions have alleged conduct that would benefit China. Additionally, around 60 percent of all intellectual property theft cases have a direct nexus to China.  Bolstering the FBI’s assessment, the National Counterintelligence and Security Center (NCSC), recently warned that “foreign adversaries are attempting to access our nation’s key supply chains at multiple points—from concept to design, manufacture, integration, deployment, and maintenance.”  

NCSC continued by signaling that “foreign adversaries could compromise the integrity, trustworthiness, and authenticity of products and services that underpin government and American industry, or even subvert and disrupt critical networks and systems, operations, products, and weapons platforms in a time of crisis.” We must elevate the role of supply chain security in the acquisition process. 

Strategic Material Vulnerabilities 

Relying on China in our supply chains, especially as it relates to the Defense Industrial Base (DIB), creates a fragility in the marketplace and the national security phalanx. The troubling reality is that the U.S. imports 80 percent of all of its rare earth materials directly from China, with portions of the remainder indirectly sourced from China through other countries, which signals greater anxieties that our strategic supply chains are vulnerable to detrimental manipulation jeopardizing national security.

The Departments of Defense and Interior have since deemed 35 strategic minerals as critical to the DIB supply chain.  The U.S. has virtually no primary production of 22 of these 35 strategic minerals.  America is more than 75 percent import reliant on an additional 10 critical minerals, including titanium and uranium.  Conversely, China ranks as the lead global producer of 16 of those 35 strategic materials and is a near-monopoly producer of rare earth elements, producing over half the world’s aluminum and accounting for a significant share of the steel and ferroalloys imported to the U.S. Over 50 percent of the barite, used in fracking and other energy independence processes, comes from China. Gallium, critical to the production of superconductors for computers, mobile phones and 5G technology, is 100 percent sourced from overseas, 95 percent of which comes from China. The graphite used in batteries, phones and hybrid vehicles all comes from offshore, 60 percent from China.  

Nearly all these strategic materials are critical to the DIB and the manufacturing of rockets and other products.

These are a few examples of how America’s supply chains are being corrupted, contaminated, counterfeited and controlled across all 10 economic sectors, especially our DIB. To fix this problem, we must first concede that our economic sectors are interwoven and interdependent upon the others, and a threat to one is a threat to all.

Supply Chain Integrity is our Collective Responsibility 

Because of the entangled labyrinth of the commercial, military and government manufacturing and production base, with a plethora of touch points in the procurement process presenting constant product security risks, our nation’s supply chain integrity response cannot simply address the DIB, but must foresee fragilities, targets and solutions in all 10 economic sectors.  Our economy and national security are interdependent and, thus, jointly vulnerable to perilous manipulations and disruptions to our supply chains. Not only is the U.S. supply chain ecosystem weakened by the malign influence of foreign adversaries, but can also be compromised quickly by natural disasters, military conflicts and the tectonics of global trade policies. Supply chain security is the collective responsibility of the government and the manufacturing base. 

Our acquisition process, especially in the DIB, can no longer afford to be driven by cost, schedule and performance. DIB contracting is too often over budget, behind schedule and overly complex, making the system more vulnerable and causing contractors to be reluctant to add integrated risk management frameworks into their acquisition systems for fear of losing bids due to additional security controls increasing costs. Since our economic and national security depends upon cyber and supply chain integrity, our security requirements should incentivize reliance on more than the minimum standards or bottom line. 

We have entered an era of asymmetric warfare for which only comprehensive deterrence will be effective. Our enemies exploit our cyber and supply chain vulnerabilities to exfiltrate our intellectual property, corrupt quality and assurance, control production of strategic materials and manipulate our cyber environments. The cost to our nation comes not only in lost innovation, jobs and economic advantage, but also in reduced U.S. military strength, critical mission failure or even loss of life.  The supply chain integrity of the DIB and American manufacturing sectors cannot afford to rely on China or our adversaries, regardless of cost effectiveness. 

ChainShield is the Solution

Counterfeit, corrupted and obsolete components introduced into the DIB supply chain could cause mission failure. These troubling imitation components may not have the technical capability to perform at all. 

That’s why Gray Analytics, in collaboration with SAP NS2, have created ChainShield^TM, a supply chain intelligence and risk management tool designed to provide dynamic, comprehensive awareness and security for our nation’s critical supply chains. 

The platform uses proprietary software technology to allow for a deeper understanding of the origins of our resources and conditions in those source regions that could impact everything from the resource’s current or future availability, including weather patterns or government instability. It will also lend to a better understanding of the integrity of the resource itself, as well as the supplier of that resource and even the supplier’s ownership. This software integrates with Optimum Source International (OSIN) and other available, even proprietary, data sourcing so that your supply chain risk assessments are robust and complete. 

This incomparable software is expected to commercialize this year. For a complimentary demo, contact Gray Analytics or SAP NS2.

reach out to our experts today
to get started Safe . Secure .
Compliant . Gray Analytics keeps you and your operation safe from today's biggest cyber threats.