In a shocking expose published by Bloomberg, writers Jordan Robertson and Michael Riley attest that motherboards built by the company Super Micro Computer were modified by the Chinese military to include microchips designed to give backdoor access to any computer servers into which these motherboards were built. These servers would then go to be used by Amazon, Apple, and a whole host of US companies. This hardware-style attack has been a fear of the US government for some years now, and with this report, the phenomena has erupted onto the public stage.
Global supply chains have enabled multinational corporations to procure the highest quality supplies, equipment, and products from across the globe. They have enabled the production of devices such as computers, cell phones, and cars that rely on physical materials and intellectual property sourced from every corner of the earth. Many products integral to our roles in business and our lives as consumers could not exist with the interaction of these intricate systems. However, the size, scope, and complexity of these supply chains allows them to be used as a vector for attack by hostile actors seeking to gain any possible edge over their rivals. These complicated economic networks, predicated on the assumption of fair play and a stable world order dedicated to free trade, are at risk of being co-opted, undermined, or outright destroyed in a global order defined not by co-operation, but by competition.
Due to its status as a manufacturing hub, China is well-placed to conduct these sorts of attacks. Estimates vary as to the specific numbers, but it is thought that roughly 75% of the world’s cell phones and 90% of its personal computers are manufactured in China. This status, coupled with the close ties between its government and corporate sectors, gives it a strategic advantage by enabling it to embed spyware directly into computer hardware at the point of manufacture. This type of hardware modification can steal information, manipulate data processing, and open up the door for other kinds of access, all without being detected by antivirus software*.
Regardless of whether Bloomberg’s expose is correct or whether it is, as Amazon and Apple suggest, baseless and misinformed**, the matter of supply chain security is one that strikes at the heart of the global economy, and it speaks to the gravity of this issue that members of the US intelligence community contributed background material for the piece. The US National Security apparatus relies on secrecy to fulfill its duties, and the Department of Defense is already taking steps to analyze points of vulnerability in America's industrial base. The military and other such security agencies, as well as defense contractors, are almost certain to take serious steps to begin sourcing their computers from places where the risk of hardware-style intrusions is much lower. It is likely that banks and other large financial institutions will also take a second look at the sourcing of their computing equipment, as these sorts of hardware alterations open the door to not just stealing information, but also altering financial data and tampering with the functioning of pricing algorithms and other financial systems. If sufficient demand emerges for secure computing, computer hardware companies are likely to reassess the locations of key manufacturing plants, and niche manufacturers will likely emerge that proclaim their “secure manufacturing and supply chains”.
It is not just in the computing sector that we are likely to see these sorts of attacks. As great power rivalry heats up between the US and China, and as Russia continues to posturize, attacks like this should be expected in all sectors. Products such as cars, phones, armaments, and other industrial equipment might all be modified to allow for espionage, sabotage, or other nefarious purposes. It is even likely that these nations and the businesses that operate in them, seeking to defend themselves from foreign interference, will seek to reconfigure their supply chains so as to allow for greater monitoring and protection. Global supply chains will continue to exist given that products such as consumer electronics are almost impossible to build without resources from all over the world, but they will start to be viewed with a wary eye, and in the medium- to long-term, regional supply chains (likely centered around China and the US, respectively), will emerge to cater to the demand for more secure devices. The degree to which this takes place is still subject to postulation, but that it will take place is starting to look like a certainty.
*The presence of these microchips, which were disguised as signal conditioning hardware, was detected with specialized equipment by a company hired to analyze the security of the Supermicro motherboards.
**Both Amazon and Apple attest that the nature of this penetration is grossly overstated and is being confused with isolated incidents from prior years.
