
Key Finding

Modern national security failures increasingly originate from corporate governance failures to oversee data supply chains

Abstract

The nation’s security depends on decisions made in corporate boardrooms: Corporations own, control and govern the critical physical and digital infrastructure upon which we daily depend. The strength of this infrastructure depends on the routine decisions made by the directors and officers who govern these corporations – choices relating to risk management, strategic development, sourcing, growth, and investments.  The public stakes of these choices transform traditionally internal matters of corporate governance into contemporary issues of national security.   But these corporate decisions are driven by market incentives, not security objectives, creating a significant problem of misalignment between corporate decision-making and national security policy. Multiple White House administrations have sought to address this misalignment through enhanced public governance using both executive orders and direct equity investments in corporations – measures that signal a potential re-calibration in the relationship between state and industry while still failing to reach the full range of corporations whose ordinary decisions determine national security outcomes.  

This Article argues that private governance – through corporate law – offers an alternative strategy to align incentives across a broader swath of corporations than those currently reached through executive action.  The mechanism of this alignment is the Caremark doctrine that serves as the channel through which external national security risks become internal corporate obligations. This fiduciary duty supplies the incentive, lacking in other governance frameworks, to reconcile the public interest in infrastructure with the private interests of those who control it.  It thereby offers a private law solution to public law governance gaps – one that achieves national security objectives while respecting the traditional boundary between state and industry.

This Article makes three important contributions for corporate management, policymakers, and scholars.  First, it identifies corporate governance as a part of national security governance, thereby reframing routine board decisions into sites of national security risk. Second, it addresses misaligned incentives between corporate governance and national security by providing a new understanding of Caremark’s doctrine. Third, it offers a governance framework to guide corporate management in fulfilling their Caremark duties where national security risks are real but regulation is incomplete. It applies this framework to a case study – Bitcoin mining, an increasingly important component of U.S. digital infrastructure. 

Critical infrastructure sectors: 16 (identified by CISA)

US infant formula market: 90% held by just 4 companies

East Coast fuel via Colonial Pipeline: 45% pipeline (2021 ransomware attack)

US equity stake in Intel Corp.: $8.9bn ("executive shareholderism")

[Figure: The governance gap: how Caremark bridges public governance and corporate decisions. A diagram showing two boxes. On the left, Public governance: executive orders, government equity stakes, and sector regulation — but these reach only a few hundred firms and cannot access firm-level decisions. On the right, Corporate decisions: supply chain management, risk and capital allocation, sourcing and oversight — which drive infrastructure resilience. A curved arc labelled Caremark doctrine bridges the two boxes over a central gap labelled Governance Gap where market incentives do not equal security goals. Below, the tagline reads: Private law solution to a public law governance gap — supply chain resilience as a board-level oversight duty.]

Source: Parella & Reyes, Corporate Governance as National Security Strategy, ECGI Law Working Paper 919/2026

The paper identifies six critical infrastructure sectors in which Caremark oversight duty claims have survived motions to dismiss — each involving corporate failures that threatened not just the company, but national infrastructure resilience.

Caremark oversight duties across critical infrastructure sectors

| Sector | Key case | Corporate failure | Infrastructure harm |
|---|---|---|---|
| Food & Agriculture | Marchand v. Barnhill (2019) | Blue Bell Creameries board failed to implement any compliance monitoring for food safety; listeria outbreak caused three deaths and full production shutdown. | Threatened national food safety regulatory system; product recall exposed supply concentration risk in the food and agriculture sector. |
| Healthcare | In re Clovis Oncology (2019) | Board aware that management was misreporting clinical trial data to the FDA; continued misrepresentation risked approval of less-effective cancer drug over competitor's. | Endangered national supply of treatment for previously untreatable lung cancer; jeopardised integrity of FDA drug approval infrastructure. |
| Transportation | In re Boeing (2021) | Board had no committee responsible for airplane safety oversight; failed to discuss safety until after two 737 MAX crashes killing 346 people. | FAA grounded entire 737 MAX fleet; thousands of daily flights cancelled across US airlines for over a year, compromising national aviation infrastructure. |
| Energy | In re Massey Energy (2011) | Directors consciously chose to violate mining safety law to maximise profits; Upper Big Branch mine explosion killed 29 miners. | Destabilised energy sector; reputational collapse forced company sale; created precedent for "Massey claims" — intentional law violations threatening critical infrastructure. |
| Financial Services | Brewer v. Turner (2025); Stone v. Ritter (2006) | Regions Financial board ignored whistleblower reports of systematic overdraft fee manipulation; earlier, AmSouth failed to comply with Bank Secrecy Act anti-money-laundering requirements. | Threatened stability of financial services sector; undermined consumer protection and anti-money-laundering frameworks underpinning financial infrastructure. |
| Commercial Facilities | In re McDonald's (2023); eXp World Holdings (2026) | Senior officers ignored and participated in systematic workplace harassment; boards failed to act on repeated reports of sexual assault at corporate events. | McDonald's 30-city worker strike disrupted commercial facilities sector; eXp's misconduct threatened the broader real estate workforce and undermined the sector's operation. |

Source: Parella & Reyes, Corporate Governance as National Security Strategy: Supply Chain Resilience as an Oversight Duty, ECGI Law Working Paper 919/2026 (April 2026). Case citations and sector classifications as discussed in the paper.
