Posted by: Jeff Jones, director, Trustworthy Computing

Building_Trust_in_the_Global_Technology_Supply_Chain_Web If you are part of senior management in any company, you probably spend a lot of your time mitigating risk.  Is the economy going to help or hurt our bottom line?  Is our turnover rate too high?  Will our innovative new product ship on schedule? 

What about supply chain risk?  Over the past few years, supply chain risk has become a topic of focus for governments around the world concerned with protection of critical infrastructure.  But in your national or global business, is your infrastructure any less critical to you, your employees and your customers?

Today, The Economist published two thought-provoking articles (here and here) on supply chain risk and concerns. While these articles focused on one particular Chinese telecoms company, interviews with experts from across the industry led the author to a broader conclusion that, “techno-nationalism is not the answer” to supply chain challenges.

In one of the articles, “The company that spooked the world”, the author refers to some of the work on supply chain risk that has occurred here in the Trustworthy Computing group at Microsoft:

In a paper published last year two Microsoft executives, Scott Charney and Eric Werner, called for governments and companies to come up with much better standards for supply chains, to mitigate all sorts of risks including some that pertain to security.

Mr Charney acknowledges that governments will not find it easy to trust stuff designed and deployed by firms from countries considered adversaries. But knee-jerk nationalism could have dire consequences. Simply banning stuff on the basis of a firm’s nationality “could blow global trade away and balkanise the world of IT,” he says.

At Microsoft, we recognize the importance of cyber supply chain risk management. Scott Charney, Microsoft’s corporate vice president of Trustworthy Computing, last year delivered a keynote address on the topic at the East-West Institute’s Second Worldwide Cybersecurity Summit in London.  Subsequently, we have published two papers.  If you are interested, here are links to those resources, including the one referenced in The Economist: