Corporate Governance as National Security Strategy - Supply Chain Resilience as an Oversight Duty

The nation’s security depends on decisions made in corporate boardrooms: Corporations own, control and govern the critical physical and digital infrastructure upon which we daily depend. The strength of this infrastructure depends on the routine decisions made by the directors and officers who govern these corporations – choices relating to risk management, strategic development, sourcing, growth, and investments.  The public stakes of these choices transform traditionally internal matters of corporate governance into contemporary issues of national security.   But these corporate decisions are driven by market incentives, not security objectives, creating a significant problem of misalignment between corporate decision-making and national security policy. Multiple White House administrations have sought to address this misalignment through enhanced public governance using both executive orders and direct equity investments in corporations – measures that signal a potential re-calibration in the relationship between state and industry while still failing to reach the full range of corporations whose ordinary decisions determine national security outcomes.  

This Article argues that private governance – through corporate law – offers an alternative strategy to align incentives across a broader swath of corporations than those currently reached through executive action.  The mechanism of this alignment is the Caremark doctrine that serves as the channel through which external national security risks become internal corporate obligations. This fiduciary duty supplies the incentive, lacking in other governance frameworks, to reconcile the public interest in infrastructure with the private interests of those who control it.  It thereby offers a private law solution to public law governance gaps – one that achieves national security objectives while respecting the traditional boundary between state and industry.

This Article makes three important contributions for corporate management, policymakers, and scholars.  First, it identifies corporate governance as a part of national security governance, thereby reframing routine board decisions into sites of national security risk. Second, it addresses misaligned incentives between corporate governance and national security by providing a new understanding of Caremark’s doctrine. Third, it offers a governance framework to guide corporate management in fulfilling their Caremark duties where national security risks are real but regulation is incomplete. It applies this framework to a case study – Bitcoin mining, an increasingly important component of U.S. digital infrastructure.