Governments and corporations are increasingly recognizing that ICT supply chain risk is a critical part of the cybersecurity and privacy risk calculus and have taken actions to mitigate it. In some cases, governments are retreating to “TechNationalism,” creating barriers to trade based on concerns about national security, cybersecurity risk, economic competitiveness, and domestic political considerations. These barriers directly target foreign ICT providers and disrupt the technological innovation and supplier diversity that the global ICT marketplace thrives on, which can actually increase cybersecurity risk. This breakthrough group is working to bring objective, risk-based standards into the conversation to ensure that the most secure products and services are available worldwide.

Accomplishments:

In May 2020, the breakthrough group released a report Weathering TechNationalism: A Security and Trustworthiness Framework to Manage Cyber Supply Chain Risk. This report addresses the challenge of securing ICT products and services, in the context of complicated geopolitical tensions and national security concerns. It provides a framework to better overcome the trust gap between ICT buyers, vendors, and operators and their respective governments, and contribute to higher confidence in overall ICT security rather than relying on TechNationalism.

This report evolved out of an effort to examine the dynamics around increasingly protectionist measures on global ICT trade. The EastWest Institute began by convening 40 international experts from industry, government, and academia for a special workshop on TechNationalism at its 2018 Palo Alto Progress Roundtable where they discussed drivers behind current measures and provided scenarios for the future global trade of secure ICT products and services.

In 2016, this breakthrough group published Purchasing Secure ICT Products and Services: A Buyers Guide, which outlines questions that ICT consumers can ask their suppliers to understand how to manage security risks, including supply chain risk, introduced into enterprises by commercial technology. This unique resource is intended for all organizations interested in acquiring more secure information and communications technology products and services. The report has received wide media coverage and was featured in The Wall Street Journal. It was also presented at numerous conferences and events since its release.

Goals:

Following the release of its report, this breakthrough group is focused on promoting the publication and discussing the recommendations with policymakers and industry leaders. The 2020 report contains an action roadmap laying out concrete steps forward for both government and industry. Accordingly, the breakthrough group will identify opportunities to bring these stakeholders together to discuss ways to improve ICT supply chain security without having to resort to TechNationalism and its unintended consequences.

EWI PUBLICATIONS:

Weathering TechNationalism: A Security and Trustworthiness Framework to Manage Cyber Supply Chain Risk  (中文)

Purchasing Secure ICT Products and Services: A Buyers Guide

Resetting the System: Why Highly Secure Computing Should Be the Priority of Cybersecurity Policies

RELATED PUBLICATIONS:

Cyber Security Perspectives – 100 requirements when considering end-to-end cyber security with your technology vendors