š LESSONS FROM THE SUPPLY CHAIN BREAKDOWN
Cybersecurity creates a multibillion dollar opportunity in industrial operations
Welcome!
Today, we take a look at the new cybersecurity initiatives under the Biden Administration, and what it means for the future of supply chain management.Ā Ā
TL;DR
Pay attention: While this might seem like an unsexy topic, there is a massive opportunity for startups looking to provide cybersecurity compliance as a service (CSaaS) due to the macro trends happening with the global supply chain.
Ransomware attacks are the greatest threat to the integrity of our supply chain, with cybersecurity being vital to the Biden Administrationās efforts to reshore American manufacturing, like semiconductors.
Source code: Here is the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, as well as the CISTās Cybersecurity Performance Goals and Objectives here.
But first, your song of the day:
Globalization = NGMI
It started with Trump and his āAmerica Firstā policies. He committed to bringing back jobs and returning core manufacturing from overseas.Ā It was four years of steel tariffs, a trade war with China, and threats of additional tariffs in places like Mexico to curtail immigration.
Then the pandemic hit, and with it, the risks of just-in-time supply chains were laid bare.Ā We had so little PPE in America that our healthcare workers had to wear garbage bags.Ā A semiconductor crisis has meant used cars were appreciating in value.Ā Empty grocery aisles have become the norm.
The result: Companies cannot reshore fast enough.Ā
And those that once prided themselves on having a complex global supply chain are now in panic mode.Ā Ā Ā Take a look at Apple.Ā
There are murmurs about Appleās vulnerability among the Wall Street crowd, and for good reason.Ā Supply chain workers are warning of a global, system-wide collapse.Ā Thereās a backlog of over 500k containers at the port of Los Angeles right now.Ā Semiconductor suppliers, including Appleās, have had to suspend production because they have lost access to basic electric power in China.Ā
Policymakers are justifiably concerned.
And yet, at the exact same moment where we rush to reshore as much of our manufacturing and critical supply chain infrastructure back to America as we can, something pretty frightening is taking place: Ransomware attacks.
Remember Colonial Pipeline?Ā Ā
The ransomware attack disrupted gasoline supplies on the East Coast so much so that President Biden declared a state of emergency to address the shortages.Ā
People were so afraid that they were willing to wait for hours just to fill up 20-liter jerry cans full of gasoline.Ā GasBuddy became one of the most downloaded apps on the iPhone, rising 900 spots in the course of only a week.Ā Ā
While the gas shortage was temporary, the ransomware attacks were not.Ā
Ransomware attacks continued to wreck havoc on American businesses, hitting companies in industries as diverse as insurance providers, chemical suppliers, beef manufacturers, and yes, even one of Appleās major computer manufacturers.Ā Ā
The critical infrastructure of the American economy is increasingly vulnerable to cyber attacks at the exact same moment when the integrity of the global supply chain is collapsing.
Bad timing.
Critical Infrastructure
To address the ransomware attacks, President Biden issued a National Security Memorandum that tasked the Cybersecurity and Infrastructure Security Agency in coordination with the National Institute of Standards and Technology (NIST) to create cybersecurity goals for companies operating as part of Americaās ācritical infrastructure.āĀ
Here, ācritical infrastructureā isnāt just a handful of utilities companies and some water treatment plants.Ā
It encompasses 16 broad sectors of the American economy, including: commercial real estate, healthcare, banking, car manufacturing, trucking, and wireless services. Itās more work to find industries that do not fall under the ācritical infrastructureā category than those that do.
Back to Biden.Ā The important takeaway from the memo is that the Department of Homeland Security and the Department of Commerce have been tasked with creating goals and metrics on cybersecurity that will apply to massive swaths of the American economy.Ā Ā
To that end, last week the agencies issued their preliminary goals and objectives for following the Biden memo.Ā
In the release, CIST included supply chain risk management as one of its core objectives to āensure that vendor-provided software and patches for control systems are reviewed and tested in a safe environment before deployment.āĀ Additionally, it included incident response requirements that establish a process for streamlining the way companies report cyberattacks to federal authorities.
That last part is extremely important as similar efforts are underway in Congress.Ā
Senator Gary Peters, chairman of the Senate Homeland Security and Governmental Affairs Committee, announced that he and Ranking Member Senator Rob Portman are working on a comprehensive cybersecurity bill that will require more uniform reporting requirements for companies that have been hit with a cyber attack.
The point? Momentum and scale.
Any American business that falls under the 16 categories of ācritical infrastructureā will soon be required to test and review all of their software and core operations in order to be compliant under this new infrastructure cybersecurity regime.Ā And nearly all companies will soon be subject to cybersecurity reporting requirements that will need to be replicated and audited in order to be compliant.Ā Ā
Open Flame
The ransomware attacks, combined with the increasing need to reshore Americaās critical infrastructure, is quite the geopolitical fire.
It means that the next ten years will see massive opportunities for startups focused on cybersecurity for supply chain management and securing core industrial operations.
Some are starting to see this opportunity.Ā Ā Josh Steinmanās startup Galvanick aligns precisely with this trend of startups providing cybersecurity support for core industrial control systems. Ā
The global cybersecurity market size was valued at $167.13 billion in 2020 and forecast to grow to $345.4 billion by 2026. With the ongoing collapse of the global supply chain, and with cybersecurity playing such an integral role in Americaās ability to reshore its core industrial operations, the massive growth potential here is hard to ignore.