Much like the long-standing debate around 5G, President Trump’s recent decision to sign an executive order that may see TikTok and WeChat banned, which has now evolved into a bidding war for TikTok’s U.S. operations with Oracle leading as the potential winner, has brought the world’s attention to the inherent security challenges that complex global digital communications and connectivity present.
When it comes to both issues, much of the conversation to date has focused on trying to decipher the intentions of one particular supplier, be it Huawei, or Tencent and ByteDance – the Chinese tech giants behind WeChat and TikTok, respectively. In both cases, taking a ‘hard stance’ on China, under the justification of national security, has constituted a significant element of Trump’s re-election campaign.
Despite their dominance on the global news agenda, when it comes to national security and 5G, WeChat and TikTok are somewhat of a red herring. Indeed, when any hardware or software supplier is embedded within critical infrastructure, or on almost every citizen’s phone, we are right to consider whether their kit contains backdoors that could allow that supplier to be privy to sensitive data. Or, as is the case with TikTok, whether the collection of data on U.S. citizens via an entertainment app could potentially enable state-backed cyber actors to track Federal employees or conduct corporate espionage. We cannot ignore that nation states around the world are increasingly turning to the cyber realm to garner intelligence, wield influence, and disrupt their adversaries.
However, our globalized economy has long relied on trading with, and using technology from, many different nations – it thrives on this connectivity. Western consumers now all rely on technology that was designed or manufactured, or that contains critical components made, many miles from their homes. We use smartphones made in China, and our personal information is scattered around various data centers in India or the Philippines, via hosted service providers and call centers. Data is now fluid, mobile and global – that ship has sailed.
Global supply chains and communications mean that those with criminal intent have many points of vulnerability that may be tested in the pursuit of compromising sensitive systems or equipment, as well as collecting large volumes of user information. It also means that attackers have more places to hide: the complexity of a global supply chain is their friend.
The problem that governments and businesses must urgently tackle is not so much whether to cut out a single vendor – however legitimate the concerns about their integrity may be – but how to manage the pervasive risk that suppliers from all over the world bring. Managing that risk starts with visibility and understanding of your digital environment and all its complexity. Too many organizations feel blind to what’s going on in their own systems – let alone the risk that their customers or suppliers might introduce.
The good news is that artificial intelligence (AI) has made major steps forward in this area. Today, the most cyber-mature organizations are already relying on AI systems to continually understand their risk across globally distributed networks, even when those networks are made up of multiple third parties across the world. AI is helping the public and private sectors get better visibility of what is going on across their complex digital infrastructures, supercharging autonomous investigations into every incident, and even autonomously responding to security problems in the earliest instances when they occur.
The complexity is such that AI is necessary, not a nice-to-have, to make sense of the noise of the digital infrastructure. We need to get on the front foot if we want to sleep better at night, embracing the reality of global supply chains, while proactively managing the risk.