On February 24, 2021, President Biden announced a new Executive Order on America’s Supply Chains. The Order provides for two key initiatives, including a 100-day review of the supply chains for certain vital products and a long-term review of supply chains in six different sectors of the U.S. economy, including the information and communications technology (ICT) industrial base.
A Growing Focus on Technology Supply Chains
The Order requires a 100-day review of the supply chains of four products that play a critical role in the U.S. economy: semiconductors, high-capacity batteries, pharmaceuticals, and critical minerals.
While the pharmaceutical supply chain is of particular importance in the era of COVID-19, the three other products reflect a growing concern about the availability and reliability of key technologies used to power the American economy, as semiconductors, high-capacity batteries, and critical minerals are each necessary components of many modern technologies.
Also pursuant to the Order, the Secretary of Commerce and Secretary of Homeland Security will submit a report on supply chains for critical sectors (as yet to be defined) of the ICT industrial base, including the industrial base for the development of ICT software, data, and associated services. Among other factors, the report will include an assessment of critical goods and materials underlying ICT supply chains, the manufacturing or other capabilities necessary to produce the critical goods and materials, and the risks that may disrupt or compromise the supply chains, including risks posed by supply chains’ reliance on digital products that may be vulnerable to failures or exploitation.
Supply Chain Security in the Wake of SolarWinds
The Executive Order reflects a growing concern regarding supply chain security, particularly as both the public and private sectors continue to assess the damage caused by the recent SolarWinds hack, a sophisticated supply chain attack that involved the compromise of a widely used IT management software.
The same week that the Order was announced, the House and Senate held hearings on the SolarWinds attack, seeking to better understand how the attack occurred and how to prevent similar supply chain attacks from occurring in the future. In the Senate hearing, Senate Permanent Select Intelligence Committee Chairman Sen. Mike Warner noted that the SolarWinds hack highlighted “a number of lingering issues” that had been “ignored for too long,” and discussed potential policy proposals for mitigating the risk of supply chain attacks, such as a wider use of multifactor authentication and a mandatory reporting requirement for critical infrastructure.