New to the Endangered List: America's Infrastructure

June 12, 2018 Topic: Security Region: Americas Tags: Donald Trumpnational securityChinaspyTechnology

New to the Endangered List: America's Infrastructure

The desire for inexpensive goods cannot override our need for national security.

The Trump administration is right to say that we need significant changes to our trade strategy. What should it be and how it balances economic and trade interests with national-security concerns such as distinguishing between allied or adversarial power, is complex. No trade grand strategy balancing these factors has emerged yet. What we have had, however, has been a focus on individual sectors like communications/technology, aluminum and steel, farm or dairy products and automobiles. This has occasioned a lot of anger and outrage from the G7 partners and elsewhere, but in truth, we haven't even yet scratched the surface of what our national interest requires.

This March, President Trump imposed worldwide tariffs on steel and aluminum, but exempted Canada, Mexico and the EU. A few days later, he imposed tariffs of 25 percent on imported steel and 10 percent on imported aluminum from those countries he had previously exempted.

It is of course important to assure that the American industry is robust, but our trade strategy needs to be about much more than that. There are four key concerns:

1. For important goods, the United States must not be dependent on only one supplier. Even if this supplier is in a friendly country, a natural disaster or a bankruptcy or a host of other unpredictable disruptions can then leave us abruptly high and dry.

2. If this sole or most important supplier is in an adversarial country, added to this is the possibility of deliberate disruption and the ability to exert undue pressure.

 

3. In the case of some products, their component parts or assembly, we are vulnerable to tampering, the inclusion of spyware or malware and the ability to disable items remotely.

4. Outsourcing increasingly amounts to giving away U.S. technology, including to hostile countries, losing our edge, and essentially funding the research-and-development sectors of those countries.

Today, none of the “Made in America” efforts look at where the individual components are made. Where do the circuit boards and other individual components come from?

Is it possible to build any technology product using parts where everything is sourced in the United States? Even if you could, where do the raw materials come from? For items assembled here, where do the parts originate?

While there has been much discussion about moving the Information and Communication Technology (ICT) sector away from hostile countries, there is far more at stake than just IT systems. China right now has the ability to affect not just the ICT sector but the entire U.S. infrastructure.

Having spent most of my professional life working national security and continuity issues has sensitized me to the importance of seeing the implications on all of our critical infrastructure and key resources. Taking the example of large power transformers (LPTs), the U.S. Department of Energy stated “In 2010, the United States’ demand for LPTs was 127,309 MVA, valued at over $1 billion USD (see Table 4).82 Only 15 percent of the Nation’s demand, or 19 percent in terms of sales value, was met through domestic production.”

What this means is that the U.S. energy sector is highly vulnerable to the whims of foreign corporations and governments. And the same holds true for virtually all of the industries needed to keep this country running. Our generally blasé attitude to this quite dramatic circumstance is hard to understand.

The aging U.S. infrastructure is susceptible to hardware shortages caused by malicious actors, natural disasters, or the simple passage of time, and it is compounded by the country’s dependence on single sources. Recent history has shown us that putting all of our eggs in one basket (be it China or elsewhere) can have disastrous results. This includes unintentional events such as the shortage of integrated circuits and paint pigments following the tsunami in Japan in 2011. Of greater concern are the eminently conceivable scenarios in which the supply problem is deliberate and the affected industry is critical.

Here’s what we need to do and where we should start. It won't be quick or easy, but it is vital for our national security and we must begin right away.

First and foremost, we need to identify the sectors and specific items that are vital to our national security. This includes consumer goods like communication and infrastructure supporting devices such as cell phones, computers, life-supporting appliances, automobiles and foodstuffs as well as infrastructure such as energy and communications grids, water, pipelines and transportation. Once identified, we need to do a prioritization of those industries and the defined risks to each. This will allow us to determine the best course of action to neutralize or at least reduce those risks.

If the risk to an industry comes from offshore production because of the possibility of malicious software or systems installed at the source, which we have deemed to be untrustworthy, then we have an obligation to not only find a new source, but also to question all other imports from that country. Is it possible for our critical infrastructure to be held hostage by raising prices or throttling availability of spare parts and systems? We need to continually ask ourselves if trade with a specific country like China, motivated by diplomatic considerations or because of wage and price advantages, is more important than national security. The answer appears clear. Obviously, the desire for inexpensive goods cannot override our need for national security.

If the risk comes from a sole source, which may fail or which simply has too much leverage over us, then we need to assure that there are alternate sources—the same supplier with different factories, or an alternate supplier. Such alternative sources need to be identified long before a disruption. The same holds true for natural disasters. If a supplier is located in an area susceptible to natural disasters—and between storms, earthquakes and floods, nearly everyone is—then we, as a nation, need to assure that alternate sources are pre-identified and available. In all cases, at least for critical items, we need to assure that the supplier has contingency plans in place since we cannot blindly assume—as demonstrated in the above examples—that suppliers already have robust business continuity plans.

Every Critical Infrastructure sector must know where all of the equipment and subsystems are coming from. Software must be vetted carefully to assure that outsiders cannot intentionally or inadvertently assume control of our systems—we need to ramp up our cybersecurity efforts for our infrastructure, as this threat is real and imminent. And it comes not only from malicious actors but also from the governments of the very countries where we are sourcing the equipment and technology.

There is a big difference between isolationism and being mindful of national security. We must also be watchful of who our friends are and who wishes to do us harm. Do we really want to continue to support economies and companies like ZTE that blatantly sold U.S.-made products to Iran and North Korea, that have proven themselves no better than a hacker who sends out ransomware?

We need to take strong measures against these individual companies and the governments that support them. We must remember that China appears to have been behind the hack of the Office of Personnel Management in 2014 that stole the data of nearly every U.S. government employee with a security clearance, while just last week they were implicated in the hack and theft of classified data from a U.S. Navy contractor. This is the economic equivalent of state sponsored terrorism and we cannot allow ourselves to continue down this path of self-destructive behavior in order to keep the shelves stocked with cheap consumer goods.

In some cases, a transitional approach will be necessary, in which we first find reliable vendors from friendly foreign countries to supply our needs while we build our domestic capability. And we will need a much more comprehensive and sophisticated way to scrutinize imported systems from foreign sources, to assure that we’re not getting unwanted “value added” spyware or malware.

While fair trading deals with everyone are important, we need to re-gear our trade strategy to be aligned with contemporary technological and geopolitical realities. We have every right, and indeed we have the obligation, to protect our infrastructure and resources and to keep our intellectual property out of the hands of those who wish to do us harm, as well as to retain it for our own economic benefit.

Charles Benard spent the majority of his career establishing continuity of government and national-security programs. He now advises corporations on national security and continuity threats.

Image: Commerce Secretary Wilbur Ross holds a news conference to make an announcement, after a background conference call with Commerce, Justice Department and Treasury Department officials at the Department of Commerce in Washington, U.S., March 7, 2017. REUTERS/Eric Thayer