3rd Party Risk Management , Endpoint Security , Governance & Risk Management

Executive Order Focuses on Supply Chain Risk Management

Biden Administration Effort Comes During Shortage of Semiconductors
Executive Order Focuses on Supply Chain Risk Management

In light of the global shortage of semiconductors, which affects virtually every industry, President Joe Biden signed an executive order Wednesday requiring a federal review of supply chain risks for these chips. Also to be reviewed are supply chain risks for information and communications technology and the pharmaceutical industry, which is responding to the COVID-19 pandemic.

See Also: How Enterprise Browsers Enhance Security and Efficiency

The executive order requires agencies to assess within the next year any risks or disruptions that might cause a shortage of supply or a security issue.

It instructs the U.S. Commerce Department to conduct a review that will identify "risks in the semiconductor manufacturing and advanced packaging supply chains" and offer policy recommendations to address these concerns.

The executive order comes as several industries, including automotive manufacturing, are facing a shortage of semiconductors and microprocessors, which is expected to last through the end of the year, according to a report this week in MarketWatch. Analysts note that the COVID-19 pandemic and the recent trade war between the U.S. and China have had broad effects on chipmakers and their ability to keep up with demand.

"We need to make sure these supply chains are secure and reliable," Biden said during a signing ceremony on Wednesday. "I'm directing senior officials in my administration to work with industrial leaders to identify solutions to this semiconductor shortfall and work very hard with the House and Senate."

The executive order comes as Congress begins to examine the massive supply chain attack that affected SolarWinds and other tech firms and government agencies (see: Senate SolarWinds Hearing: 4 Key Issues Raised).

The U.S. House of Representatives' Oversight and Homeland Security committees will hold hearings about the SolarWinds attack on Friday.

Concerns Over Chips

The Trump administration in August 2020 banned Chinese telecommunication giant Huawei from accessing semiconductors and chips made with U.S. technology, citing security concerns.

The ban was issued after the Federal Communications Commission designated Huawei, along with the Chinese firm ZTE, as national security threats and effectively banned the use of their technology in U.S. networks (see: FCC: Huawei, ZTE Are 'National Security Threats').

The Biden administration is now assessing cybersecurity policies for Chinese tech firms (see: Biden Assesses US Policies on China Cybersecurity Issues).

Overdue Review

The federal government's new effort to assess supply chain risks is long overdue, says Phil Reitinger, a former director of the National Cyber Security Center within the Department of Homeland Security who's now president and CEO of the Global Cyber Alliance.

"Clearly, supply chain security is essential from both a national and homeland security and economic perspective, and the executive order properly raises the government's level of attention," Reitinger says.

He notes that the U.S. Cybersecurity and Infrastructure Security Agency has previously published the National Infrastructure Protection Plan, which tried to call attention to security shortcomings related to supply chains in the chip industry as well as other sectors.

"It will be imperative for the Biden administration to decide how to build the [supply chain] priority into government operations in a lasting way," Reitinger says. "I'm hopeful that this … can lead to a renewed and deeper focus on national critical functions and a reinvestment in the National Infrastructure Protection Plan to enhance its effectiveness."

Congressional Support

The Biden administration should focus not only on improving risk management for the chip supply chain but also on expanding U.S. chip manufacturing, Sens. Marco Rubio, R-Fla., and Chris Coons, D-Del., said in a joint statement.

"While the U.S. still maintains an advantage in semiconductor design, we have lost significant ground in semiconductor manufacturing," the two senators stated. "This loss has placed us in a precarious position, in which U.S. companies are faced with the prospects of relying on foreign suppliers to produce critical national security assets."

Sen. Mark Warner, D-Va., also tied the issue of supply chain security to the broader issue of U.S. manufacturing: "Today's executive order is a good first start, but much more work remains to be done - and quickly - including fully funding several enacted bills related to promoting supply chain security, resiliency and greater American competitiveness in key foundation technologies like semiconductors and wireless infrastructure."

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.