‘Made in America’ Executive Order Means Reassessing Cybersecurity & Transit Supply Chain

The rising threat of cybersecurity has caught the nation’s attention with recent SolarWinds and Microsoft server breaches, the attack against the Colonial Pipeline, and attacks against transit systems including the Bay Area Rapid Transit (BART), Southeast Pennsylvania Transportation Authority, and Vancouver’s Translink, among others. The latest Mineta Transportation Institute (MTI) perspective, Will the Biden Administration’s ‘Made in America’ Executive Order Present Significant New Cybersecurity Obligations for Transit Operators?, analyzes how a series of Executive Orders (EOs) and laws over the past several years impact transit operators.

Cyberattacks based on security or software flaws are certainly common, but the easiest path for a cyber attacker to follow is gaining physical access to a part of a desired system. Executive Order 14005, also known as ‘Made in America,’ acknowledges this significant risk and mandates greater scrutiny of the origin of computer hardware and its associated supply chain. A hostile nation or other nefarious actor, for example, could easily partner with a local manufacturer to create a sophisticated “back-door” that could be exploited to inflict significant damage in a product destined for the United States.

In addition, President Biden issued EO 14024, Blocking Property with Respect to Specified Harmful Foreign Activities of the Government of the Russian Federation, in response to persistent Russian cyberattacks in April 2021, and EO 14028, Improving the Nation’s Cybersecurity, in May.

In light of these EOs, transit providers and their respective vendors should take into account the following findings:

• The supply chain restrictions in multiple Executive Orders suggest that U.S. transit agencies will likely need to find new sources for multiple products, including items purchased from or containing components produced by Huawei and other Chinese providers.
• More sourcing limitations are likely to reduce the number of acceptable vendors, potentially increasing the cost of goods.
• Transportation executives should educate themselves about the exemption processes associated with each of the EOs, the government agency staff leading the efforts (they are a good resource for EO interpretation or clarification), and, when needed, take action to file an exemption request.

“The ‘Made in America’ EO and similar directives demonstrate a level of consistency in U.S. policy across party lines. This means that future policies aimed at making the U.S. supply chain more resilient are unlikely to deviate much from the current playbook,” explain the authors.

Because America depends on its transportation infrastructure, transit will likely remain a prime target for nefarious actors seeking to disrupt communities. As technology evolves to enable the industry’s goals, operators and experts must adapt and prepare for the risks today and in the years to come.

ABOUT THE MINETA TRANSPORTATION INSTITUTE

At the Mineta Transportation Institute (MTI) at San Jose State University (SJSU) our mission is to increase mobility for all by improving the safety, efficiency, accessibility, and convenience of our nations’ transportation system. Through research, education, workforce development and technology transfer, we help create a connected world. Founded in 1991, MTI is funded through the US Departments of Transportation and Homeland Security, the California Department of Transportation, and public and private grants, including those made available by the Road Repair and Accountability Act of 2017 (SB1). MTI is affiliated with SJSU’s Lucas College and Graduate School of Business.

ABOUT THE AUTHORS
Scott Belcher, JD, MPP, is an MTI Research Associate and the CEO of SFB Consulting, LLC. Prior to founding SFB Consulting, LLC he served for two years as the CEO of the Telecommunications Industry Association and for seven years as the CEO of the Intelligent Transportation Society of America. Kathryn Seckman is a geopolitical risk and strategy professional, specializing in bringing the best practices of the intel sector to global business. She is a Fulbright Scholar, holds an MA in Security Studies from Georgetown University, and a BA in International Relations from Drake University. Harlan Belcher is a Master of Environmental Management student concentrating on Energy at Duke University's Nicholas School of the Environment. Before pursuing his Masters he worked as a wildland firefighter in Northern California for several years. Brandon Thomas is a Partner at Grayline Group, a firm focused on helping organizations understand and manage for disruption, as well as a Managing Partner of Blockview Partners, a firm focused on understanding the emerging blockchain and cryptocurrency space.

Media Contact:

Irma Garcia,

MTI Communications and Operations Manager

O: 408-924-7560

E: Irma.garcia@sjsu.edu