Mark Montgomery, senior advisor to the chairmen of the Cyberspace Solarium Commission that last year produced dozens of recommendations to Congress on legislative steps to improve U.S. cybersecurity, said Jan. 19 that the commission is urging Congress in 2021 to adopt a more comprehensive strategy to protect the nation’s information and communications (ICT) supply chain.
Speaking at an event organized by FCW, Montgomery noted that many Solarium recommendations were incorporated into the FY2021 National Defense Authorization Act (NDAA), and said the commission will focus attention this year on its ICT supply chain proposal which singles out United States’ overreliance on Chinese-made equipment.
The commission outlined the ICT proposal in a white paper issued in October 2020. “Dependency on China and other adversary countries for some of our most critical supply chains threatens to undermine the trustworthiness of critical technologies and components that constitute and connect to cyberspace,” the commission said.
“The United States has a China problem in ICT,” Montgomery said in his remarks this week. He reiterated Solarium arguments that China has achieved a dominant position in the worldwide ICT supply chain through a combination of national industrial policy, investments in research and development, state-led theft of intellectual property, and manipulation of international standards bodies.
Montgomery gave credit to some of the discrete efforts in Congress to tackle the ICT supply chain security – along with White House executive orders that aim to address the China supply problem – but said they are likely to only result in “small outcomes” that won’t address the larger problem in a comprehensive way.
What the United States needs instead, he argued, is an “overarching strategy” for ICT supply chain security that unites both the Federal government and the private sector. The United States, he argued, has “leapt into action without a strategic plan.”
Montgomery said the Solarium’s recommended plan involves several steps, including identifying key technology and materials that may include general computing systems, communications systems, and weapons systems; creating “minimum viable manufacturing capacity” for those systems in the United States and allied nations; better protecting United States-friendly supply chains; and stimulating domestic market demand for those technologies and materials.
Part of the Solarium’s recommendation to Congress, Montgomery said, is to create a “supply national intelligence center” to assist in sharing supply chain threat data, and to integrate supply chain intelligence across government and the private sector.
“Now is the time” for the development of a strategic approach to the ICT supply chain problem, Montgomery said, adding “with a new administration it makes it easier to step back” from previous executive orders and figure out gaps in current policy.