Hardening cyber security & supply chain at once
The American Jobs plan that earmarks $55 billion for water industry infrastructure requires that purchases of equipment and technologies be made in America. There is no better time than now to do more than rebuilding American industries. Widespread adoption of Made in America will reduce dependence on imported products and can significantly improve cybersecurity.
Unclogging the Supply Chain
If you are amid a critical automation project that is delayed because of control product supply lead times or being stuck in an offshore shipping container, this could be the result of Covid-related supply chain disruptions. Some automation vendors are reporting lead times of many months for products that would typically be readily available. Will Made in America policies help?
Establishing a buy America first policy today should help future projects. The proposed Supply Chain Resiliency Act is structured to alleviate current supply chain bottlenecks and prevent future disruptions by understanding the dynamics of supply chains and offering financial assistance to help suppliers survive them. The fact that Made in America products will originate on U.S. soil eliminates the logistics, risks and higher costs of offshore sourcing.
Securing the Supply Chain
Dramatically improved cybersecurity can be another important benefit of Made in America. Nation states can and do implement hardware or software “back-doors” in digital products destined for consumption in the U.S. for later exploitation to disrupt operation and the theft of IP.
This is essentially what happened with the 2021 attack on SolarWinds, a large supplier of Orion IT network management software to government agencies. The US Cybersecurity Information and Security Agency believes a Russian Foreign Intelligence Service (SVR) sought access to Orion user networks by embedded spying malware into the Orion source code repository, which would be installed in the end users’ computers during their next upgrade. About 18,000 users uploaded the malware, giving SVR access to their data and networks. Once the Russian malware infected the software update process, its executables were verified, and it was able to perform reconnaissance, elevate privileges and move laterally within the system.
Even as an American company, SolarWinds was infiltrated by a foreign intelligence service. A powerful tool to avoid harm from such an attack, of course, is to source all elements from U.S. companies, where you will have substantially more visibility and auditing of the hardware and software supply chains.
An Important Piece of the Puzzle
While protecting American industries and technologies is reason enough to buy Made in America first, it will also aid in improving automation supply chain resiliency and reducing cybersecurity risk in general. It depends on how well Made in America policies are integrated with other cyber defense layers and secure manufacturing methodologies, but it can result in automation system products that are secure by design. The time is now to rethink Made in America.