Cybersecurity in the digital supply chain – decoupling accelerated by COVID-19

 

Introduction 

International affairs are affected by the technological change to the extent which is hard to grasp and fully understandEmerging digital technologies such as 5G or artificial intelligence have exacerbated the global struggle for power and domination. The complexities in the digital supply chain and the challenges regarding the decoupling might be called modern technological Gordian knots. Cutting them requires bold moves and decisions bringing at the same time unpredictable consequencesThe recent social and economic crisis caused by the outbreak of the COVID-19 pandemic highlighted a major obstacle to digital autonomy stemming from the dependencies within global supply chains. The pandemic underlines the dangers of an overreliance on overseas manufacturing capacities and raw material imports that are critical to the functioning of the modern digital economy. 

During the webinar the following aspects related to the supply chains were highlighted: Europe and its position in the global technological supply chains; the need for the strong alliance of like-minded countries; decoupling – EU approach and willingness to follow this path; COVID-19 – supply-chain implications. 

As one of the main goals of the meeting was to clarify challenges and important points in the discussion on the subject of supply chains, very often more questions than answers appeared. We believe that this would be food-for-thought material to stimulate and serve public debate and multi-stakeholder approach. 

Europe and its position in the global technological supply chains 

In the last years we have seen the EU extending or broadening its concept of strategic autonomy to comprise various policy sectors such as cybersecurity, telecommunication, AI, cloud computing, space, medical assets, and for each one of them the question of supply chain plays a major role. To many, the European Union is a regulatory power, able to influence other actors through the promotion and export of its regulatory and standardisation frameworks. European countries, in their approach to foreign suppliers, tend to increase their requirements as regards reliability and cybersecurity. An example of that is the ongoing debate around the 5G networks and the existing EU toolbox for 5G security where the EU underlines the need to look at a variety of aspects (also non-technical) and risks related to foreign suppliers (that are being for instance subject to interference from their governmentsas exemplified by the National Intelligence Law of the PRC). 

Also, the EU can enhance its role in the global digital race through the investments and funding programmes in the post-COVID-19 period, like the Connecting Europe Facility or Next Generation EUAnother opportunity lies in the bolstering of the European Digital Single Market. 

The need for the strong alliance of like-minded countries 

The geopolitical debate is constantly evolving and various initiatives and wide coalitions of like-minded countries that are trying to deal with these challenges are emerging. One of them is the D-10 (G-7 countries plus Australia, South Korea, and India), initiative originated already few years ago by the Atlantic Council, which is now regaining its attention because of the UK government support towards forging the alliance of democratic countries that would address the issues of both 5G networks and supply chain vulnerabilities. 

One of the things that experts agree upon while framing common approach to cybersecurity among like-minded countries is that it is crucial to build alternatives to the existing products and services in order to have a sustainable approach to the security issues. The debate should focus on how we can have more suppliers in the market, as in the globalised world there are still going to be inter-dependencies between countries and having the alternatives is an imperative must. Also, there is a need to start thinking how risks are going to be mitigated. 5G is not the finishing line. There will also be 6G and 7G networks and other breakthrough technologies. Even with the alternatives in the market, risks will always be there and we need to learn how to manage them. First of all, the reactive and episodic approach should be complemented by long-term strategies. 

One of the worrying trends that might cause some challenges in the area of EU common approach towards the supply chains is that we can observe two parallel processes. In western European countries, there is a strong push for autonomy and gaining the control over national infrastructure and assets. In the eastern European countries, however, the focus is more on the investments (even from companies coming from outside Europe). From the perspective of the CEE region, there are many opportunities and chances arising from decoupling and the need to reshore some US and global companies particularly to CEE. There is also need to attract more FDI and allocate tech investments on the high level of value chains, such as R&D centers or SOCs. 

Decoupling – EU approach and willingness to follow this path 

One of the most important aspects while analysing benefits and challenges of the decoupling is the question whether we can afford to foster this process. The intertwining of interconnections in the global economy that is brought upon by the global supply chains is not perceived only as a profit maximisation process. To many, interdependencies are also a tool of influence that helps to render both governments and companies accountable, thus creating a more stable global playing field. Global supply chains mean the export and import of norms, values, and standards as well. Thus, the question arises to what extent we can afford to retain this level of influence in a world that is accelerating in decoupling. 

There is a risk associated with pursuing too radical splitsIt might result in unintended consequences or failures both on the supply and on the demand side. Following the logic of complete bifurcation, we can end up with a divided world in which on the one hand there is a set of for instance Chinese suppliers and on the other a large block of like-minded Western countries following their own rules regarding supply chains. The question arises – what about the rest of the world? Are countries from Africa, Latin America, or Asia going to buy “Western-based” tech? Is price going to be a determinant or rather security and quality of the products and services? The problem is very complex and decision-makers must find ways and work together to answer those questions. 

From the global perspective, the challenge of the debate related to the dependencies in the supply chain and strategic autonomy is the need for a mind shift across countries, governments, and the private sector. It will entail huge changes for the policy-making landscape as strategic autonomy and the moves towards decoupling will involve market interventions, common industrial policies long-term decisions, which might reinterpret interests and perspectives of the private sector. 

Next to the threats , there are of course also opportunities and chances deriving from decoupling that need to be considered. In the context of the CEE region for instance, which is a market with huge innovation and human resources potential, allocating the tech investments (on the high level of value chains, such as R&D centres, SOCs, data centres, e-commerce centres) and developing regional digital infrastructure can boost the economic growth considerably. 

COVID-19 – supply-chain implications 

The current social and economic crisis that was caused by the outbreak of COVID-19 pandemic has brought us to a very peculiar moment in terms of decoupling. The so-called world’s factory – China – has been stopped for a brief period which has sent shocks throughout the supply chains which could be felt in different parts of the world. Thus, the COVID-19 crisis in general has brought us to a point where we could actually witness for a moment what a closed world with globalisation put to a halt looks like. Some experts consider it to be a good starting point in trying to devise decoupling. Unprecedently, it has put the economies in a position where we could observe what the consequences are and where to look for opportunities to overcome the negative shocks that are associated with this process. Under typical circumstances, such experiments are not possible in the economy. 

From the EU perspective, a discussion about recovery plan is ongoing (the so-called Next Generation EU) and not all Member States have the same approach towards funding it and more specifically, towards the areas that should be financed. Europe is still very much fragmented and we need to work on a common vision of the future. Without it, it is difficult today to see where to invest and also what technologies and companies Europe should support. 

Join us at the panel discussion at the CYBERSEC GLOBAL 2020 (28–29 September) which will further explore the topic of supply chains and strategic autonomy. 

More information. 

  

Webinar’s participants:  

  1. Martin Achimovič – Director, NATO Counter Intelligence Centre of Excellence 
  2. Izabela Albrycht – Chair, The Kosciuszko Institute; President, Organising Committee of the European Cybersecurity Forum – CYBERSEC 
  3. Bonnie Butlin – Co-founder & Executive Director, Security Partners’ Forum 
  4. Tadeusz Chomicki – Ambassador for Cyber & Tech Affairs, Security Policy Department, Polish Ministry of Foreign Affairs 
  5. Paolo Grassia – Director of Public Policy, ETNO 
  6. Levente Juhasz – Public Policy and Government Relations Manager, Google 
  7. Julian King – European Commissioner for the Security Union (20162019) 
  8. Robert Krawiec – British Embassy in Poland representative 
  9. Ciaran Martin – CEO, National Cyber Security Centre of the UK 
  10. Robert Muggah – Principal, SecDev Group 
  11. Christopher Painter – President, The Global Forum on Cyber Expertise; Commissioner, Global Commission on Stability of Cyberspace; Former Coordinator for Cyber Issues, US State Department 
  12. Florian Pennings – Cybersecurity Policy Manager, EU Government Affairs, Microsoft 
  13. Magdalena Petryniak – Communication Advisor, The Kosciuszko Institute 
  14. Luigi Rebuffi – Secretary General, European Cyber Security Organisation 
  15. Michał Rekowski – Director, Strategic Partnerships and Projects, The Kosciuszko Institute 
  16. Andrea Rodriguez – CYBERSEC 2019 Young Leader, Intl. Masters in Security, Intelligence and Strategic Studies programme, University of Glasgow, Dublin City University and Charles University in Prague