New to the Endangered List: America's Infrastructure
If the risk to an industry comes from offshore production because of the possibility of malicious software or systems installed at the source, which we have deemed to be untrustworthy, then we have an obligation to not only find a new source, but also to question all other imports from that country. Is it possible for our critical infrastructure to be held hostage by raising prices or throttling availability of spare parts and systems? We need to continually ask ourselves if trade with a specific country like China, motivated by diplomatic considerations or because of wage and price advantages, is more important than national security. The answer appears clear. Obviously, the desire for inexpensive goods cannot override our need for national security.
If the risk comes from a sole source, which may fail or which simply has too much leverage over us, then we need to assure that there are alternate sources—the same supplier with different factories, or an alternate supplier. Such alternative sources need to be identified long before a disruption. The same holds true for natural disasters. If a supplier is located in an area susceptible to natural disasters—and between storms, earthquakes and floods, nearly everyone is—then we, as a nation, need to assure that alternate sources are pre-identified and available. In all cases, at least for critical items, we need to assure that the supplier has contingency plans in place since we cannot blindly assume—as demonstrated in the above examples—that suppliers already have robust business continuity plans.
Every Critical Infrastructure sector must know where all of the equipment and subsystems are coming from. Software must be vetted carefully to assure that outsiders cannot intentionally or inadvertently assume control of our systems—we need to ramp up our cybersecurity efforts for our infrastructure, as this threat is real and imminent. And it comes not only from malicious actors but also from the governments of the very countries where we are sourcing the equipment and technology.
There is a big difference between isolationism and being mindful of national security. We must also be watchful of who our friends are and who wishes to do us harm. Do we really want to continue to support economies and companies like ZTE that blatantly sold U.S.-made products to Iran and North Korea, that have proven themselves no better than a hacker who sends out ransomware?
We need to take strong measures against these individual companies and the governments that support them. We must remember that China appears to have been behind the hack of the Office of Personnel Management in 2014 that stole the data of nearly every U.S. government employee with a security clearance, while just last week they were implicated in the hack and theft of classified data from a U.S. Navy contractor. This is the economic equivalent of state sponsored terrorism and we cannot allow ourselves to continue down this path of self-destructive behavior in order to keep the shelves stocked with cheap consumer goods.
In some cases, a transitional approach will be necessary, in which we first find reliable vendors from friendly foreign countries to supply our needs while we build our domestic capability. And we will need a much more comprehensive and sophisticated way to scrutinize imported systems from foreign sources, to assure that we’re not getting unwanted “value added” spyware or malware.
While fair trading deals with everyone are important, we need to re-gear our trade strategy to be aligned with contemporary technological and geopolitical realities. We have every right, and indeed we have the obligation, to protect our infrastructure and resources and to keep our intellectual property out of the hands of those who wish to do us harm, as well as to retain it for our own economic benefit.
Charles Benard spent the majority of his career establishing continuity of government and national-security programs. He now advises corporations on national security and continuity threats.