Supply Chain Crisis Worsens As Russia’s War Against Ukraine Continues

As Russia’s war against Ukraine escalates and sanctions by the U.S. and other countries intensify, so does their impact on supply chains around the world.

Going through recent events like the U.S.-China trade war, Covid-induced disruptions, followed by the major armed conflict, many firms that had been skeptical about the idea of reshoring and multi-sourcing started to reexamine their options… they are living through the era of disequilibrium, and all of a sudden ‘just-in-case’ sounds more reasonable than ‘just-in-time’…

After the jolts from these successive events…the momentum will be built towards a model of more regionalized supply chains, with weakened linkages in some areas but also strengthened ones in other corners…

Many big tech companies that put facilities in Poland and Hungary are quite close to the fire now. It is forcing those companies to shift capacity and volume to safer regions, like North and South America.

Source: Forbes Supply Chain Crisis Worsens As Russia’s War Against Ukraine Continues (forbes.com)

FCC Puts Kaspersky on Security Threat List

The Federal Communications Commission recently determined that security products from Kaspersky posed an unacceptable risk to US national security and added the company to a covered list of other firms not eligible for FCC funds. Kaspersky becomes the first security company and first Russian entity to be added to the US security threat list. Companies that appear on the list are ineligible to receive any of the $8 billion available annually under the FCC’s Universal Service Fund. The fund supports telecom services in rural areas or for low-income consumers or entities like schools, libraries, and hospitals. The move adds Kaspersky to the same covered list that Huawei and ZTE landed on in 2021.

Source: https://arstechnica.com/information-technology/2022/03/fcc-puts-kaspersky-on-security-threat-list-says-it-poses-unacceptable-risk/

Senate Revving up to Finish COMPETES/USICA Reconciliation

Source: MeriTalk

Senate leadership is making the legislative moves necessary to begin work in earnest on reconciling two different versions of innovation and competition legislation that feature billions in funding to boost domestic semiconductor production and create a new technology directorate at the National Science Foundation (NSF).

Along those lines, Senate Majority Leader Chuck Schumer, D-N.Y., filed cloture on the House-passed America Creating Opportunities for Manufacturing, Pre-Eminence in Technology, and Economic Strength (COMPETES) Act on March 17.

On the Senate floor, Schumer then laid out his plan of action, which involves the Senate taking up the America COMPETES Act to amend it with the text of the Senate-passed United States Innovation and Competition Act (USICA), passing it, then sending the resulting legislation back to the House for conferencing.

“Last summer the Senate passed an overwhelmingly bipartisan bill that will bring manufacturing jobs back to America, fix supply chains, fuel scientific research, and ultimately lower costs by a significant amount,” Sen. Schumer said. “The bipartisan bill would be great news for our economy, our entrepreneurs, our innovators, and especially families who are feeling the sting because of the chip shortage.”

“We all know the chip shortage is hurting so many people,” he continued. “It’s hurting the auto industry that’s had to temporarily shut down factories. It’s hurt our tech industry, our health care industry, and so many others. So let’s solve this quickly.”

Each of the bills contains $52 billion to fully fund the CHIPS Act – a measure included in the fiscal year (FY) 2021 National Defense Authorization Act – in addition to other investments in domestic research and development.

Russian Hackers Are Targeting American Oil Refineries

Source: The Street
Published: March 15, 2022

Cyber criminals are targeting the energy infrastructure in the U.S., including pipelines, refineries and power grids, to attack their operations and supply chain systems, experts said. Hackers have targeted oil and gas producers in the past, such as the attack on the Colonial Pipeline, the largest U.S. fuel pipeline, that resulted in shortages along the East Coast in April 2021.

White House Outlines Strategy to Revitalize and Fortify U.S. Manufacturing, Supply Chains

  • The White House has announced key government-wide initiatives for the coming year that are focused on long-term domestic supply chain resilience.
  • The Biden Administration released a capstone report on key actions it has taken over the past year to reduce U.S. supply chain vulnerability across a range of key sectors.
  • As a complement to the capstone report, seven cabinet agencies published reports identifying weaknesses and strategies to strengthen supply chains for these sectors.

Source: White House Outlines Strategy to Revitalize and Fortify U.S. Manufacturing, Supply Chains | Insights | Holland & Knight (hklaw.com)

RSA Conference (RSAC) 2022

San Francisco, CA
June 6-9, 2022

The theme for RSAC 2022 is “Transform.” This conference offers a dialogue on the rapidly evolving information security industry by providing insight into trends and breaking news in information security. It is intended for military, government, academia, and industry information security experts.

Protecting Data & the Supply Chain
This track explores the cascading security requirements of the extended enterprise and the classification, tracking, and protection of data. It covers data protection regulations, DLP and threats to sensitive data, and emerging trends in software supply chain security as well as vendor and partner SLAs, supply chain mapping, continuous enforcement, and how to future-proof vendor contracts and risk assessments for evolving requirements.

For more information, follow these links:

2022 USA | RSA Conference
Trust, but Verify: Protecting Your Business from Supply Chain Attacks | RSA Conference

NIST Refreshing Voluntary Cybersecurity Framework Amid Push for Mandates

Source: Nextgov
Published: February 22, 2022

The National Institute of Standards and Technology wants to know how it might improve its landmark framework of cybersecurity standards and practices and streamline similar efforts related to particular issues like privacy and supply-chain security. “Every organization needs to manage cybersecurity risk as a part of doing business, whether it is in industry, government or academia,” said Commerce Deputy Secretary Don Graves in a news bulletin NIST published Tuesday. “It is critical to their resilience and to our nation’s economic security. There are many tools available to help, and the CSF is one of the leading frameworks for private sector cybersecurity maintenance. We want private and public sector organizations to help make it even more useful and widely used, including by small companies.”

New Pentagon Report Raises Alarm Over Industry Consolidation, Future of Competition

Feb. 16, 2022

Air Force Magazine

The Defense Department faces a future of high-price, sole-source contracts, reduced innovation, and possible critical shortages if it doesn’t take steps to increase competition and the number of suppliers in the defense industrial base, according to a new Pentagon report. But changing the conditions creating the situation won’t be easy, it said.

To prevent these issues, the U.S. must limit further defense industry consolidation; fix intellectual property issues; attract new businesses to the industry—especially small businesses—and put “sector-specific supply chain resiliency plans” into effect for critical items, ranging from missiles to castings, strategic metals, and microelectronics, according to the report, released Feb. 15.

Source: New Pentagon Report Raises Alarm Over Industry Consolidation, Future of Competition – Air Force Magazine

Pentagon Report: State-of-Competition-Within-the-Defense-Industrial-Base

Three Ways to Enhance Supply Chain Cybersecurity

Source: Forbes
Published: February 16, 2022

It’s a familiar headline: Your supply chain may be your biggest cybersecurity risk. And for good reason. Between pressure to maintain business continuity and exceed profits amid inflation and global supply chain issues, organizations across industries have a lot to contend with. This focus elsewhere can lead to threat actors slipping under the radar more easily while also making a big splash. For instance, beyond the potential exposure of credit card data, we’ve seen a rise in ransomware and nation-state threat activity in an attempt to further disrupt stressed infrastructures. While these challenges are broad, if we approach cybersecurity as a collective whole, rather than as individual organizations, they are not insurmountable.