Fri. Jun 2nd, 2023

Content Assessment: Targeting High-Risk Vendors? How Finland, Japan, the UK, and the US are Securing their Supply Chains (CCDCOE)

Information - 92%
Insight - 93%
Relevance - 90%
Objectivity - 91%
Authority - 93%



A short percentage-based assessment of the qualitative benefit of the recent published of the CCDCOE report on national approaches to supply chain security.

Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

Contact us today to submit recommendations for consideration and inclusion in ComplexDiscovery’s data and legal discovery-centric service, product, or research announcements.

Background Note: Shared for the non-commercial educational benefit of cybersecurity, information governance, and eDiscovery professionals, the report, “National Approaches to the Supply Chain Cybersecurity: Taking a More Restrictive Stance Against High-Risk Vendors,” was published by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). The CCDCOE is a NATO-accredited knowledge hub specializing in interdisciplinary cyber defense issues. With a team of international experts from various fields, such as the military, government, academia, and industry, the CCDCOE represents 39 nations and is known for its comprehensive expertise in strategic, legal, operational, and technical aspects of cyber defense.

The CCDCOE’s unique 360-degree approach to the cyber defense sector makes it a crucial source of thought leadership and expertise in the field. The Centre not only identifies and analyses emerging cyber threats but also facilitates the integration of cybersecurity into NATO and national governance and capabilities. This holistic focus, spanning technology, strategy, operations, and law, positions the CCDCOE as an internationally recognized hub for cyber defense.

The report’s insights into the supply chain cybersecurity practices of various nations are particularly valuable for cybersecurity, information governance, and eDiscovery professionals due to the CCDCOE’s well-established authority and interdisciplinary approach in the cyber defense field. By leveraging the CCDCOE’s expertise and international perspective, professionals can better understand and navigate the complex and evolving landscape of supply chain cybersecurity.

Publication from CCDCOE*

National Approaches to the Supply Chain Cybersecurity: Taking a More Restrictive Stance Against High-Risk Vendors

By Keiko Kono and Samuele De Tomas Colatin

Report Abstract

Supply chain attacks are among the most significant security concerns to nations. There are a variety of options to mitigate supply chain cybersecurity risks, yet none is perfect, especially for state-sponsored cyber threats. This paper focuses on preventative approaches and intends to give an overview of national practices in selected countries: Finland, Japan, the United Kingdom, and the United States.

There are no international legally binding rules or principles in the cybersecurity of the supply chain and a growing number of states perceive the need for national frameworks and mechanisms for ensuring the cybersecurity of the supply chain and globally common rules, as shown in some discussions ongoing at the UN. Western countries have developed frameworks at the regional and national levels based on their commonly shared perception that the supply chain is vulnerable to threats from adversarial foreign countries and that these threats must be effectively addressed by strengthening national regulations.

Despite a lack of binding agreements, all four countries reviewed in this paper have some domestic legislation or documents to regulate the supply chain and safeguard national security and foreign policy interests. Except for Japan, they passed laws addressing various cybersecurity issues. In the defence arena, all but Finland are comprehensive in covering almost all products and services, at least from the publicly available information. Finland’s regulations appear more limited in scope as they only focus on ‘the most critical parts of the communication network.’ The UK and the US are explicit in targeting high-risk vendors such as Huawei and particular countries such as China and Russia (in the case of the US) and strict requirements are imposed on domestic providers to remove these risk vendors from their network systems. Finland and Japan are implicit in this regard. However, all four nations have come to a similar practice by excluding or refraining from acquiring certain products and services made by certain countries.

National practices on the topic of the cybersecurity of the supply chain and the threat perceptions behind these practices vary between countries, including across the EU and NATO making it even more difficult to develop common international rules and standards. However, there is a pressing need to address the threats ahead of actual incidents since no country is exempt from supply chain cyberattacks and further exchange of good practices between countries is recommended.

Read the original posting.

Complete Report: National Approaches to the Supply Chain Cybersecurity: Taking a More Restrictive Stance Against High-Risk Vendors (PDF) – Mouseover to Scroll

Supply Chain Cybersecurity – CCDCOE – 052023

Read the original publication.

*Shared with permission based on educational and non-commercial distribution.

Publication Source: NATO CCDCOE, 2023. National Approaches to the Supply Chain Cybersecurity: Taking a More Restrictive Stance Against High-Risk Vendors. [online] Tallinn: NATO CCDCOE Publications. Available at: <> [Accessed 19 May 2023].

Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT and DALL-E2, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is a premier online publication renowned for providing essential insights and intelligence in the realms of cybersecurity, information governance, and legal discovery to professionals navigating these fields. As a leading source of information, the publication expertly combines original research with aggregated news to cater to a highly specialized audience. Committed to enhancing readers’ understanding of relevant topics, ComplexDiscovery stands as an impartial and comprehensive resource for exploring trends, technologies, and services associated with electronically stored information.

The driving force behind this influential publication is ComplexDiscovery OÜ, a technology marketing firm that excels in strategic planning and tactical execution for organizations operating within these sectors. Registered as a private limited company in Estonia, a global leader in digital advancements, ComplexDiscovery OÜ dedicates its primary focus to supporting the publication. The company capitalizes on its virtual presence to provide marketing consulting and services to a diverse array of clients around the world, further solidifying its reputation as a leading voice in the eDiscovery ecosystem.

Send this to a friend