11 September 2021

Combatting Defense Supply Chain and Critical Infrastructure Vulnerability with AI

McDaniel Wicker

“Amateurs talk about strategy…Professionals talk about logistics,” said U.S. Marine Corps Gen. Robert Barrow when discussing the true key to warfighting. The advice holds true in the wider context of national security, and over the past weeks, the professionals in Washington have spent plenty of time talking about logistics. Recently, the House Armed Services Committee released a bipartisan report on the need to protect defense supply chains, and the White House has issued a National Security Memorandum about the strategic importance of defending the country’s critical infrastructure.

While separate initiatives, both the Congressional report and the memo address the need to secure the logistics networks that underpin both our daily lives and America’s ability to defend itself. The two documents also emphasize the necessity of leveraging technology and private sector expertise to overcome security challenges. Whether ensuring pipelines and energy networks remain online or guaranteeing the U.S. military has the required tools and equipment, effective use of publicly available information is critical to success.

Understanding the Risks

The COVID-19 pandemic exposed the vulnerabilities in modern supply chains—critical components of everything from toilet paper to medicine to munitions could not be sourced as factories and whole countries shut down. As made clear in the House report, defense supply chains are no different, and the Pentagon is pursuing strategies for achieving more comprehensive visibility into the exact origins of its tools, technology, equipment and weaponry. Effectively mapping supply chains is a critical national security priority. Knowing where material comes from can help to mitigate risk in the event of another pandemic-level event or in case an adversary like China or Russia attempts to interrupt America’s warfighting capability by cutting or slowing supply chains.

Assessing defense supply chain risk boils down to understanding the relationships of the contracting organizations that support the government’s mission. The public record on how companies are connected and how individuals relate to companies through ownership or executive positions is quite extensive, and it is also often very complex and hard to see clearly. Developing a comprehensive picture requires advanced tools that can thoroughly scour multiple data sources regardless of language; these tools must also automatically understand relationships and network dynamics. Using advanced technology—including artificial intelligence and machine learning processes—supply chains can be mapped and potential gaps or pain points identified, from connections with sanctioned parties and adversary-controlled entities to distribution bottlenecks and sole-source suppliers.

This process is fundamental to securing our defense supply chain as the U.S. seeks to ensure we have the rare earth elements, chemicals, materials and technology we need from sources we can trust. However, supply chain awareness is also vital to protecting America’s critical infrastructure. Each infrastructure sector has its own network for delivery, monitoring, and maintenance, and they all rely on systems, equipment, and components from around the world. Maintaining these networks in times of crisis and ensuring the trustworthiness of individual components presents a serious challenge for U.S. leaders. Fortunately, private sector expertise can alleviate much of the burden and help mitigate the danger.

Bolstering Cyber Defense with Public Data

While maintaining the physical integrity of critical infrastructure is important, the challenges of cybersecurity are paramount, as highlighted by the White House’s actions and the recent spate of hacks and ransomware attacks. Indeed, President Joe Biden recently warned of the very real risk that cyber actions could easily lead to kinetic war. Hardening critical infrastructure against cyberattacks will partly depend on the use of quality technical components; the processors, motherboards, circuits and software used with pipelines, power grids and production facilities must come from trusted, validated origins or risk being tainted with zero-day exploits and backdoor access by bad actors. This clearly shows the nexus between supply chains and cybersecurity.

On a technical front, combating cyber threats also requires a robust monitoring capability that can track threats and developments around the world. As government and industry coordinate efforts to prevent and respond to attacks, cybersecurity experts need tools that can persistently and automatically search for indicators of attack around the world and across the internet. These resources can be leveraged to identify elements threatening our supply chains, especially on the deep and dark web where cyber criminals and state-backed actors routinely operate. Such persistent monitoring may alert officials to potential leaks, may help identify system weaknesses, and may assist in exposing nefarious parties for future targeting by law enforcement.

All Hands on Deck: Public-Private Collaboration

The logistical challenges facing the country are huge and must be met. As noted above, the good news is that the government does not have to overcome these challenges alone. By continually seeking publicly available information sources that can identify where supply chains are vulnerable and infrastructure is most at risk, industry tools can help keep bad actors at bay. Success moving forward will depend on a concerted effort between the government and experts in the private sector, which will ultimately solidify America’s security and ensure mission needs are met.

No comments: