Supply chain incidents have surged to the forefront of homeland security risks. Over the past several years, supply chain breaches, as a means for cyber attacks, have significantly increased and are now considered one of the primary methods adversaries use to access networks and cause harm. The SolarWinds breach, exposing sensitive network data to Russian-affiliated government actors, is a notable example that prompted substantial activity in the homeland security space to mitigate associated risks and strengthen defenses based on lessons learned. Cybersecurity analytic firms report that supply chain attacks are on the rise, ranking among the top attack vectors for cyber adversaries.
Cyber incidents have also impacted the functioning of supply chains and the movement of goods. In 2017, the exploitation of the NotPetya malware by the Russian government temporarily shut down U.S. ports and cost FedEx $300 million in lost revenue from shipping and logistics. Similarly, the 2021 cyber attack on the Colonial Pipeline resulted in fuel shortages on the East Coast for several days.
However, cyber attacks are not the sole supply chain risks to the U.S. homeland and global supply chains. Atrocities committed by the Russian government in Ukraine, coupled with economic warfare, have led to energy shortages across Europe and shortages of crucial supplies globally. The conflict in Gaza between Israel and Hamas is expected to have similar impacts on energy and technology markets. As noted by Gen. James Jones and former DHS Assistant Secretary Brian Harrell in The Messenger, “The war of today is all-encompassing. The front lines are not just on the battlefield but in our data and supply chains.”
Supply chain shocks are not solely caused by adversaries. Homeland security professionals nationwide have grappled with significant supply shortages stemming from economic factors, natural disasters, regulatory concerns, and health crises. This includes the impact of the COVID pandemic, shortages of essential goods like baby formula, and port closures due to flooding, wind damage, and labor strife.
These examples underscore why supply chain shocks remain prominent on my homeland security risk register. Consequently, supply chain security and resilience must be a mission priority.
The Biden Administration recognizes this, evident in its recent steps to strengthen American supply chains. With the establishment of the White House Council on Supply Chain Resilience, the Administration has taken a significant stride toward enhancing the resilience of critical supply chains in the face of global shocks.
In conjunction with the Cabinet-level Council, the Federal government has committed to bolstering its cross-governmental supply chain capabilities. This encompasses expanding supply chain data and analytical availability, investing in critical supply chains, and implementing planning and exercises to assess resilience. Additionally, fortified supply chain resilience structures will be established within the Department of Commerce, the Department of Homeland Security, and the Department of Transportation.
As a follow-up to the White House announcement, DHS Secretary Alejandro Mayorkas provided further details about DHS’ role in enhancing the mission. This includes the creation of a Supply Chain Resilience Center focusing on security at strategic seaports, partnering with owners of strategically valuable infrastructure, and hosting two tabletop exercises in 2024 on the resilience of cross-border supply chains.
These initiatives build on earlier work stemming from a February 2021 Executive Order. In that order, the President tasked agencies with making recommendations on strengthening supply chains and supply bases for goods and materials essential to critical infrastructure. These recommendations, made public in 2022, clearly influenced the actions taken by the White House this week.
The Administration’s actions reveal a strategy for strengthening America’s supply chains and a commitment by the Executive Branch, with crucial funding support and increased authorities from Congress, to invest in that strategy.
In my view, the pillars of the strategy include:
- Enhanced real-time data, risk monitoring, and information sharing across the government and between the government and the private sector to anticipate supply shocks.
- Efforts to address excessive supply chain interdependence between the U.S. and adversaries, using regulatory action and enforcement tools to reduce that risk.
- A commitment to building alliances for coordinating supply availability and sharing information about supply chain vulnerabilities.
- A willingness to use government tools, including the Defense Production Act and other Federal incentives, to stimulate markets for supplies and incentivize resilience.
- A risk-based focus on the materials most critical to America’s economic competitiveness.
- Increased scenario planning and exercises addressing supply chain incidents.
For the homeland security community, each of these pillars carries implications. Integrating supply chain threat and vulnerability information with other homeland security information is an increasing imperative, necessitating structural and process improvements. Ensuring that security and resilience considerations are part of acquisition decisions for critical goods and technologies should be standard business practice. Monitoring critical supplies based on a risk-based understanding of what matters to critical functions must be part of homeland security analysis and stress tested. Notably, achieving all of the above depends on public-private collaboration and a commitment to investing in risk mitigation.
Ultimately, like most homeland security issues, the Federal government plays a role in risk mitigation, but it depends on a whole-of-community effort. Smart policy, executive commitment, investments, and reducing barriers to information sharing help activate that effort. With the announcements this week, let’s hope that the White House has continued the bipartisan trend toward strengthening America’s supply chains, unquestionably enhancing critical infrastructure security, resilience, and our Nation’s economic and national security.