Using “Wargaming” to Evaluate Manufacturing Cyberthreats and Ensure Supply-Chain Cybersecurity
Summary
Small to medium-sized manufacturing (SMM) companies are the backbone of the U.S. industrial base. However, they do not have the financial or technical resources needed to protect themselves from cyberthreats such as computer hacking, embedded malicious software, and “internet of things” sensors sending sensitive information to foreign counties. These cyberthreats can cause huge damage to the U.S. economy and national security. With relatively limited investment, cybercriminals can disrupt critical supply chains, damage key sectors, and delete or corrupt important information resources.
The Biden-Harris administration should address these threats through a government-industry partnership that uses “wargaming” analyses — i.e., virtual techniques to model and assess threats — to evaluate manufacturing cyberthreats and test strategies for ensuring supply-chain cybersecurity. As part of this partnership, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) should implement a pilot program to spread robust and scalable cybersecurity best practices throughout manufacturing-based supply chains. Coordinating the resources and expertise of other federal agencies — including the Nuclear Security Enterprise (NSE), the Department of Defense (DOD) Digital Manufacturing Institute (MxD), the National Institutes of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP), and the DOD Cybersecurity Maturity Model Certification (CMMC) program — with the resources and expertise of external entities (e.g., academic institutions) will enable the administration to become more proactive in anticipating and neutralizing cyberthreats, thus enhancing the stability and security of U.S. manufacturing supply chains.
The Federation of American Scientists supports Congress’ ongoing bipartisan efforts to strengthen U.S. leadership with respect to outer space activities.
By preparing credible, bipartisan options now, before the bill becomes law, we can give the Administration a plan that is ready to implement rather than another study that gathers dust.
Even as companies and countries race to adopt AI, the U.S. lacks the capacity to fully characterize the behavior and risks of AI systems and ensure leadership across the AI stack. This gap has direct consequences for Commerce’s core missions.
As states take up AI regulation, they must prioritize transparency and build technical capacity to ensure effective governance and build public trust.