In mid-February, the German and Bavarian governments hosted the annual Munich Security Conference, where I had the opportunity to participate in conversations with global leaders on today’s pressing international security challenges. There were many issues on the agenda, including the importance of cooperation on emerging technology issues and the critical need to secure our silicon supply chains. However, the predominant focus in Munich was on Russia’s war on Ukraine; participants not only discussed what we’ve learned from the now year-long war, but what needs to be done going forward to support Ukraine as well as ensure that the U.S. and its allies make relevant investments in the event of future conflicts and crises, particularly with respect to cybersecurity and supply chain resiliency.
To date, media coverage of Ukraine has understandably focused on the highly visible physical damage wrought from Russian air and missile strikes. Less attention has been paid to how Russia has sought, with mixed success, to leverage its offensive cyber capabilities to complement its actions in the kinetic war. While Russian cyberattacks generated successes in the early stages of the invasion, conversations about cybersecurity related to the war often miss the effective countermeasures implemented by the Ukrainian regime. Close partnerships with Western allies and technology companies have enabled Ukraine to adeptly work around and ward off malicious Russian activity by leveraging built-in security features in a wide variety of commercially acquired technologies and services, according to analysis conducted by Microsoft.
The use of these features secured not only critical Ukrainian government systems, but the devices of individual users and broad swathes of the Ukrainian economy. The move to cloud service providers, for example, allowed Ukraine to take advantage of the providers’ increasingly advanced cyber defense and detection tools. Built-in security-by-design features, like end-to-end encrypted messaging included in mobile devices and other technology platforms, have kept communications and data secure. This conflict continues to highlight how valuable these offerings are to protecting governments, end users, and enterprises from cyberattacks initiated by state actors or cyber criminals.
Also illuminated is the fragile nature of U.S. and European defense supply chains and the dangers of reliance on potentially unfriendly countries to underpin vital dual-use technologies. After the Cold War, the peace dividend led to a dramatic downscaling of defense supply chains as militaries demobilized and downsized. The rapid expansion of China’s military capabilities, coupled with rising Russian and Chinese geopolitical ambitions and growing collaboration, compels increased investment by the United States and its allies in securing their defense-related supply chains. This requires boosting capacity to produce and stockpile fundamental supplies such as ammunition, weapons platforms, and medical supplies, and bolstering the security of the supply chain for dual-use technologies such as chips and other computer hardware. A year of supporting Ukraine with munitions has depleted U.S. stockpiles and is straining existing manufacturing capabilities, affecting the ability of the United States to meet the requirements of the current U.S. defense strategy – fighting a major conflict while deterring another conflict. As long as supply chains and stockpiles remain stretched, the United States will be hampered in its ability to respond effectively to global crises.
At the same time, the dialogue at the Munich Security Conference clarified and underscored the urgency of continued investment in and enhanced commitment to security-by-design to ensure stronger insulation from future cyber events. Conversations highlighted the need for additional investments and coordination among allies on defense production and stockpiling, as well as the need for greater stability in technology supply chains. Such enhanced cooperation and coordination among the United States and its allies contribute to the defense of Ukraine as well as our collective security as we move into an increasingly uncertain geopolitical risk environment.
To date, the lessons of the war in Ukraine underscore the urgent need for the United States, and its allies, in Europe and around the globe, to invest and build resilience. This must be a collective effort, with mutual support between the United States and its allies to collectively re-shore key parts of our supply chain—or as many of our allies have termed it, friendshoring. Ultimately, our ability to effectively manage the dynamic security challenges of the 21st century will be largely based on achieving a resilient infrastructure, to include critical networks and supply chains.