Solarium Commission looks to boot China from the tech supply chain

The Cyberspace Solarium Commission is looking to shore up security in the information and communications technology (ICT) sector by reducing dependency on suppliers from rival powers, especially China.

"Put bluntly: in the context of our supply chains for ICT, the United States has a China problem," the commission co-chairs Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) wrote in a Commission white paper released Oct. 19.

The Commission was created by Congress in 2019 to develop a consensus-based, strategic vision to protect the U.S. from cyberattack.

"The pandemic showed us the dangers of relying on foreign adversaries for critical technologies and products. We need to learn the right lessons and ensure we don't make the same mistakes again," said Gallagher, (R-Wisc.) in an Oct. 19 statement on the white paper. "This paper provides the blueprint for a whole-of-nation approach to both shore up vulnerabilities within our information and communications technology supply chains and ensure these networks remain stable and secure."

The Commission recommends creating public-private and international partnerships with technology providers to counter China's increasing influence.

"Without an ICT industrial base strategy, America risks falling behind competitively and leaving its citizens at serious risk," the report concludes.

Specifically, the white paper advocates a governmentwide effort to identify risks affecting key technologies including weapons systems, telecommunications gear and general purpose computing equipment. The paper also wants the U.S to build capacity to support increased manufacturing of key technologies in times of crisis. The shift by several big manufacturers that stepped into making medical respirators in response to the COVID-19 pandemic serves as an example of the importance of reserve manufacturing capacity, it said.

The paper also backs fortifying risk management efforts with existing suppliers. Increased intelligence, information sharing and product testing, said the commission, will all help the U.S. deal with a double-edged relationship with China in which that country continues to supply technologies to the U.S. while at the same time presenting a possible threat.

According to the paper, existing efforts could be harnessed to provide a single vision of those threats. Those existing efforts, it said, include DHS's Cybersecurity and Infrastructure Security Agency's Information and Communications Technology Supply Chain Risk Management Task Force and 5G strategy; the President's National Security Telecommunications Advisory Committee; the DOD's Cybersecurity Maturity Model Certification (CMMC) and 5G strategy; the Department of State's Clean Network program; and the National Institute of Standards and Technology's Cyber Supply Chain Risk Management program.

Government agencies, such as the Federal Communications Commission, have a role to play to help stimulate development of U.S. technology manufacturing. The FCC, it said, can help with emerging 5G wireless technologies by tying commercial investment in networks to open standards, as well as working with the DOD to open up more spectrum for commercial use.

The Solarium Commission is also wants the U.S. to counter China's domination of some technology markets, particularly wireless 5G markets. It recommends the U.S. government collaborate with its international partners to insure Chinese companies such as Huawei and ZTE don't get an unfair advantage.

The Chinese government, said the paper, can provide "anticompetive interventions in global markets" for those companies. The U.S. Agency for International Development should work with international partners to develop an assessment to show the risks involved with using Chinese products in infrastructure projects.