Governments and corporations are increasingly recognizing that ICT supply chain risk is a critical part of the cybersecurity and privacy risk calculus and have taken actions to mitigate it. In some cases, governments are retreating to “technology nationalism,” creating barriers to trade based on concerns about national security, cybersecurity risk, economic competitiveness, and domestic political considerations. These barriers directly target foreign ICT providers and disrupt the technological innovation and supplier diversity that the global ICT marketplace thrives on, which can actually increase cybersecurity risk. This breakthrough group is working to bring objective, risk-based standards into the conversation to ensure that the most secure products and services are available worldwide.
In an effort to examine the dynamics around increasingly protectionist measures on global ICT trade, at its 2018 Palo Alto Progress Roundtable, the EastWest Institute convened 40 international experts for a special workshop on “TechNationalism.” Experts from industry, government, and academia discussed drivers behind current measures and provided scenarios for the future global trade of secure ICT products and services
Buyers of ICT must be able to evaluate objectively and confidently the security implications of using ICT products and services for their organizational risk profiles. To that end, in 2016, this breakthrough group published Purchasing Secure ICT Products and Services: A Buyers Guide, which outlines questions that ICT consumers can ask their suppliers to understand how to manage security risks, including supply chain risk, introduced into enterprises by commercial technology. This unique resource is intended for all organizations interested in acquiring more secure information and communications technology products and services. The report has received wide media coverage and was featured in The Wall Street Journal. It was also presented at numerous conferences and events since its release.
This breakthrough group will publish and advocate for recommendations on how nations and organizations can objectively and transparently address legitimate concerns about national security, cybersecurity risk writ large and cyber supply chain risk without suffering possible consequences that can flow from unnecessary trade barriers and reliance on “technology nationalism.” The group will lay out a set of policy principles, an analytical security/trust framework, measures, and recommendations to reframe the current discourse to reduce cyber risk while fostering global ICT trade.