The 2017 NotPetya cyberattack on the shipping company Maersk exposed the vulnerability of global supply chains, yet the U.S. still lacks a coordinated national strategy to manage such risks. In June 2025, the Senate passed the Promoting Resilient Supply Chains Act to address this gap, aiming to designate supply chains as critical infrastructure and give the Department of Commerce lead authority. However, the bill remains stalled in the House due to bureaucratic resistance and competing priorities. Experts argue that supply chains are vital to national security and should be managed proactively, not reactively. The White House is urged to formally recognize supply chains as a distinct critical infrastructure sector to ensure long-term resilience. Jesse Humpal writes for War on the Rocks:
In 2017, the world’s largest shipping company, Maersk, went dark. A state-sponsored cyber attack known as NotPetya spread from Ukraine into global networks, paralyzing terminals from Los Angeles to New Jersey. Cargo piled up, factories waited on missing parts, and workers resorted to moving containers with Post-it notes and WhatsApp messages. The White House later attributed the attack to Russia’s military intelligence agency, calling it “the most destructive and costly cyber attack in history.” The disruption cost Maersk hundreds of millions of dollars and showed how a single supply chain shock can ripple across economies. Yet nearly a decade later, the United States still treats supply chains as a subset of other sectors rather than the critical infrastructure they plainly are. […]
That legislative stalling highlights a structural problem. Supply chains are not secondary concerns: they are the connective tissue that keeps every other sector humming. Yet current policy still treats them as small pieces inside existing industries. To correct that, supply chains should be recognized as their own critical infrastructure sector with clear leadership, resources, and accountability. […]
The risks are real. In 2022, explosions ruptured the Nord Stream pipelines in the Baltic Sea, showing how easily physical sabotage can sever lifelines. In 2017, the NotPetya cyber attack spread worldwide, paralyzing Maersk’s shipping systems, snarling port operations, and even halting vaccine production at Merck. In 2021, the Colonial Pipeline ransomware attack, enabled by a single compromised password, cut off 45 percent of the U.S. East Coast’s fuel supply and triggered panic buying.
These events show why supply chains are not an abstract economic problem. They are national security vulnerabilities. […]
The Senate has taken the first step by passing the supply chain bill. The House should not wait. As soon as the current government shutdown ends, this legislation should be at the top of the agenda. And the White House should go further, elevating supply chains into the list of critical infrastructure sectors. Only then will resilience become a standing priority rather than a scramble after the fact.
Read more here.
