In 2017, the world’s largest transport firm, Maersk, went darkish. A state-sponsored cyber assault often called NotPetya unfold from Ukraine into world networks, paralyzing terminals from Los Angeles to New Jersey. Cargo piled up, factories waited on lacking components, and staff resorted to shifting containers with Put up-it notes and WhatsApp messages. The White Home later attributed the assault to Russia’s navy intelligence company, calling it “essentially the most damaging and dear cyber assault in historical past.” The disruption value Maersk tons of of hundreds of thousands of {dollars} and confirmed how a single provide chain shock can ripple throughout economies. But practically a decade later, the US nonetheless treats provide chains as a subset of different sectors moderately than the vital infrastructure they plainly are.
In February 2025, the Senate Commerce Committee lastly determined to behave and warned that “one provide chain shock can disrupt the whole system, driving shortages and elevating prices.” That warning was paired with motion: the Selling Resilient Provide Chains Act, which handed the Senate unanimously in June however now sits “held on the desk” within the Home of Representatives.
That legislative stalling highlights a structural drawback. Provide chains will not be secondary considerations: they’re the connective tissue that retains each different sector buzzing. But present coverage nonetheless treats them as small items inside present industries. To appropriate that, provide chains needs to be acknowledged as their very own vital infrastructure sector with clear management, sources, and accountability.
Why Previous Efforts Fell Quick
When confronted with crises, the US has relied on acquainted however restricted instruments. The Strategic Nationwide Stockpile was overwhelmed through the COVID-19 pandemic, whilst hospitals and state governments competed desperately for masks, ventilators, and protecting gear.
The Protection Manufacturing Act has been invoked for ventilators, child formulation, and semiconductors. But it stays a surge mechanism, helpful solely after disruptions happen, not earlier than.
The Creating Useful Incentives to Produce Semiconductors and Science Act of 2022 poured tens of billions into home semiconductor manufacturing, a significant step however one which touches solely a single chain.
Federal companies have additionally issued steering on managing provide chain dangers. The Nationwide Institute of Requirements and Expertise, for instance, revealed Particular Publication 800-161, Revision 1, outlining cyber safety practices for techniques and organizations. The Division of Protection constructed on this basis with its personal Provide Chain Threat Administration Guidebook.
Presidents have additionally tried to fill the gaps by way of government orders. In 2021, President Biden issued Govt Order 14017, which required companies to assessment provide chains for semiconductors, prescribed drugs, vital minerals, and batteries. These evaluations revealed vulnerabilities however scattered accountability throughout departments, with no clear steward. Later that 12 months, Govt Order 14028 mandated new cyber safety guidelines for software program distributors, however solely within the data expertise area. In August 2025, the White Home ordered creation of a Strategic Energetic Pharmaceutical Elements Reserve, a slim initiative to cushion the drug provide however not a cross-sector reform.
These efforts share two flaws. First, they’re vertical: Every one focuses on a person sector or materials, leaving interdependence untouched. Second, they’re reactive: designed to reply after a disaster has begun moderately than embedding resilience from the beginning.
What Makes This Invoice Completely different
The Selling Resilient Provide Chains Act takes a brand new strategy. It directs the Division of Commerce to steer a government-wide working group, constantly map and mannequin vital provide chains, and publish a nationwide technique. By doing so, it might in impact make Commerce the lead supervisor for provide chains, a job that doesn’t exist at this time.
This invoice shouldn’t be about stockpiling or non permanent intervention. Quite, it’s about making resilience a part of day by day governance. However the best way it’s slowed down within the Home exhibits how entrenched habits and bureaucratic boundaries proceed to dam reform.
The benefits are clear. A devoted lead would change at this time’s patchwork of overlapping authorities with a single steward accountable for mapping vulnerabilities, coordinating responses, and driving long-term planning. Steady modeling may spot weak factors earlier than crises hit and a nationwide technique would give {industry} and authorities a shared framework for funding.
On the identical time, the challenges are actual. Concentrating authority within the Division of Commerce may set off resistance from companies that already oversee provide chains in their very own sectors, from power to well being care. Trade teams might fear about added reporting burdens or perceived authorities overreach. And until Congress gives sources and enforcement instruments, the invoice dangers creating yet one more coordinating physique with out the ability to compel motion.
Why It Is Stalled within the Home
Though it sailed by way of the Senate, the invoice is stalled within the Home of Representatives. Its “held on the desk” standing implies that management has not chosen to convey it to the ground.
First, flooring time is scarce. In a crowded calendar crammed with appropriations payments, protection authorizations, and overseas help packages, resilience laws can look optionally available.
Second, and extra importantly, institutional resistance is actual. Companies that already handle provide chains wish to maintain onto that authority. The Division of Power has shaped a provide chain activity group centered on transformers and has publicly recognized transformer availability as a serious constraint. The Division of Well being and Human Companies has established each a provide chain “management tower” and a provide chain resilience and absence coordinator to handle pharmaceutical and well being provide traces. Maybe the largest opponent to reform is the Cybersecurity and Infrastructure Safety Company — designated by the 2024 Nationwide Safety Memorandum-22 because the nationwide coordinator for vital infrastructure safety and resilience — which is charged with coordinating throughout the present 16 vital infrastructure sectors. That company is protecting of its jurisdiction. Its leaders argued to my workplace on the Nationwide Safety Council earlier than the invoice was put to a vote that this legislation would make the Division of Commerce the de facto sector threat administration company for provide chains, undercutting all different companies’ authority over the provision chains tied to their very own industries.
One other hesitation is scope. Increasing Commerce’s function means better federal oversight of markets which have largely run themselves. Advocates see this as needed for safety, whereas critics worry it may add prices and stifle competitors.
Taken collectively, these dynamics give Home leaders purpose to delay. Jurisdictional battles are simpler to tolerate if provide chains are seen as financial. They’re tougher to justify if provide chains are understood as issues of nationwide safety.
The Nationwide Safety Stakes
America’s rivals already view provide chains as battlefields. One observer writing in these pages described “provide chain interdiction” — the deliberate delaying, diverting, or destroying of an adversary’s provide traces — as a strategy to win with out firing a shot. One other evaluation put it bluntly: “The Pentagon’s arsenal is constructed on supplies that China can flip off like a light-weight swap.”
The dangers are actual. In 2022, explosions ruptured the Nord Stream pipelines within the Baltic Sea, exhibiting how simply bodily sabotage can sever lifelines. In 2017, the NotPetya cyber assault unfold worldwide, paralyzing Maersk’s transport techniques, snarling port operations, and even halting vaccine manufacturing at Merck. In 2021, the Colonial Pipeline ransomware assault, enabled by a single compromised password, reduce off 45 p.c of the U.S. East Coast’s gasoline provide and triggered panic shopping for.
These occasions present why provide chains will not be an summary financial drawback. They’re nationwide safety vulnerabilities. And so they reveal the true measure of resilience: not whether or not failures will be prevented, however how shortly techniques can take in shocks, reroute, and get well.
What a Provide Chain Sector Would Allow
Designating provide chains as their very own sector would embed resilience in nationwide coverage. It could institutionalize steady mapping of bottlenecks, single-source suppliers, and fragile nodes, and it might mandate buffers similar to alternate suppliers, rotating reserves, and fallback routes. This wades right into a dangerous grey space: Authorities involvement in personal provide chain relationships can enhance safety, but in addition dangers distorting markets. Even federal companies battle to implement their very own provide chain guidelines, which raises doubts about how far such oversight can lengthen into the broader financial system. The federal authorities may run stress checks, very like blackout drills for the electrical grid, to simulate port shutdowns, rail stoppages, or cyber compromise of logistics software program.
Designating provide chains as their very own sector would scale reserve fashions throughout industries, together with prescribed drugs, semiconductors, uncommon earths, and specialty chemical substances, treating reserves as versatile buffers as a substitute of static warehouses. In impact, such a designation would possible broaden the Strategic Nationwide Stockpile. The secret’s to order solely what’s scarce, irreplaceable, and important to protection or well being. In any other case, stockpiles threat turning into political want lists. The brand new sector would combine cyber safety and operational threat, since provide chain disruptions at this time typically start in software program techniques that management logistics and manufacturing. And the sector would formalize cross-industry councils, giving ports, railroads, trucking companies, producers, distributors, and software program suppliers a platform to coordinate responses.
Most significantly, a provide chain sector would align civilian and protection planning. Vulnerabilities in industrial techniques, similar to uncommon earth processing, additionally endanger navy readiness. A devoted sector would bridge that hole.
Momentum and the Street Forward
The Senate has already spoken. The Selling Resilient Provide Chains Act has bipartisan assist and powerful {industry} backing. However the Home has not moved, partly due to competing legislative priorities and partly due to resistance from present companies.
Even when the Home passes the invoice, a bigger step stays to be taken — formal designation of provide chains as a vital infrastructure sector. The White Home’s 2024 Nationwide Safety Memorandum-22 up to date priorities however declined so as to add new sectors, clinging to a construction created greater than a decade in the past. That call mirrored institutional inertia moderately than strategic foresight.
The subsequent step requires a shift in framing. Provide chains needs to be understood not as slim financial points however as important to nationwide safety and resilience. Solely then will policymakers overcome bureaucratic turf wars and act decisively.
From Recognition to Energy
The U.S. authorities has reorganized swiftly when threats have demanded it — after the 9/11 assaults to enhance homeland safety, and extra just lately to confront cyber operations. These reforms have been imperfect, typically buying and selling safety positive factors for brand spanking new considerations about surveillance and civil liberties, however they present Washington’s capability to behave decisively when stakes are excessive. Provide chains are the subsequent take a look at. Adversaries already deal with them as stress factors, probing for vulnerabilities. People have lived by way of shocks to Maersk, Colonial Pipeline, and Nord Stream. Every case exhibits that prosperity, safety, and even the power to battle wars rely upon lifelines that may be severed right away.
The Senate has taken step one by passing the provision chain invoice. The Home mustn’t wait. As quickly as the present authorities shutdown ends, this laws needs to be on the prime of the agenda. And the White Home ought to go additional, elevating provide chains into the checklist of vital infrastructure sectors. Solely then will resilience develop into a standing precedence moderately than a scramble after the very fact.
Jesse R. Humpal is an lively obligation U.S. Air Drive officer whose work focuses on the coverage implications of nationwide safety spending, with an emphasis on vital infrastructure resilience. He will be adopted @jessehumpal on X. The views expressed are his personal.
**Please notice, as a matter of home type, Battle on the Rocks won’t use a special identify for the U.S. Division of Protection till and until the identify is modified by statute by the U.S. Congress.
Picture: Midjourney
