US deploys commerce and communications against cyber threats, Blinken says

Isbitski noted, for example, that there is nothing to prevent a hostile foreign agent from getting a job with a major hardware manufacturer. “Recruiting processes don’t check for that. Nothing is trustworthy. It’s not acknowledging the digital supply chain risk. That vision of having a trusted supplier list is unfeasible.”

Chris Hetner, cyber risk advisor to the National Association of Corporate Directors (NACD) and a former cybersecurity advisor to the chair of the Securities and Exchange Commission, said he found Blinken’s speech trying aggressively to be comforting. “He doesn’t want to scare the community and say that we’re screwed, but we are,” Hetner said. 

Hetner also questioned whether even American vendors can legitimately claim to be entirely trustworthy. “If you’re Microsoft, Amazon, or Google, your platform is absolutely being used by untrustworthy entities,” Hetner said. “Consider ransomware as a service on AWS. There is nothing to prevent that, so what is he saying? AWS has no idea who is on their cloud.”