This is supply chain security theatre. The Volt Typhoon routers were American-designed and compromised because their vendors dropped patch support, not because they were assembled overseas. Moving final assembly to US soil does nothing if the firmware still ships with the same vulnerabilities and the same end-of-life abandonment. Singapore's public sector should watch this closely, not as a model to follow, but as a cautionary example of conflating manufacturing origin with security assurance when the actual risk sits in software lifecycle management and vendor accountability.
This is supply chain security theatre. The Volt Typhoon routers were American-designed and compromised because their vendors dropped patch support, not because they were assembled overseas. Moving final assembly to US soil does nothing if the firmware still ships with the same vulnerabilities and the same end-of-life abandonment. Singapore's public sector should watch this closely, not as a model to follow, but as a cautionary example of conflating manufacturing origin with security assurance when the actual risk sits in software lifecycle management and vendor accountability.