Recommendation

Congress should charge DHS with analyzing national security risks in the telecommunications supply chain on an ongoing basis.

Details

As telecommunications supply chains grow ever more complex, networks in the United States may rely on systems and components sourced from countries that may contain vulnerabilities. While it makes sense to confront the practice of innovation mercantilism that helps some of these products achieve success in the global market, further action to assure the security of the U.S. telecommunications supply chain should be a part of a broader trade policy strategy. Ideally this would be through open, ongoing review of these companies’ equipment and practices.

Keep reading:

▪ Doug Brake, Testimony before the U.S.-China Economic and Security Review Commission, March 8, 2018, https://itif.org/publications/2018/03/08/testimony-us-china-economic-and-security-review-commission-next-generation/.

▪ Robert D. Atkinson et al., “Stopping China’s Mercantilism: A Doctrine of Constructive, Alliance-Backed Confrontation” (ITIF, March 2017), https://itif.org/publications/2017/03/16/stopping-chinas-mercantilism-doctrine-constructive-alliance-backed.

Updates

This recommendation has been addressed through a series of actions by the Trump and Biden administrations. The Cybersecurity and Infrastructure Security Agency Act, enacted in November 2018, established the Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for “protecting the Nation’s critical infrastructure from physical and cyber threats,” including threats pertaining to supply chains for telecommunications networks. The Department of Homeland Security then established the ICT SCRM Task Force in December 2018 to identify challenges and develop actionable solutions to enhance global ICT supply chain resilience. President Trump subsequently issued an executive order in March 2019 to secure ICT and ICT services supply chains.

DHS later established a Supply Chain Resilience Center after President Biden issued an executive order in February 2021 directing a whole-of-government approach to reviewing risks in, and strengthening the resilience of, supply chains supporting industries that are critical to U.S. economic prosperity and national security.

Further details:

▪ Cybersecurity and Infrastructure Security Act of 2018, H.R.3359, 115th Congress, November, 2018, https://www.congress.gov/115/statute/STATUTE-132/STATUTE-132-Pg4168.pdf.

▪ Executive Order 13873 of May 15, 2019, “Securing the Information and Communications Technology and Services Supply Chain,” FR Doc. 2019-10538, https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain.

▪ Executive Order 14017, February 24, 2021, “America’s Supply Chains,” FR Doc. 2021-04280, https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/02/24/executive-order-on-americas-supply-chains/.

▪ DHS, ICT Supply Chain Risk Management Task Force, https://www.cisa.gov/resources-tools/groups/ict-supply-chain-risk-management-task-force.

▪ DHS, Supply Chain Resilience Center (SCRC), https://www.dhs.gov/scrc.