Has China Hacked Major U.S. Companies’ IT Supply Chains?
Investigation alleges extra microchips inserted on motherboards at Chinese factories.
Last week, Bloomberg Businessweek published a very detailed article claiming that the Chinese government had infiltrated the technology supply chain to get tiny microchips installed in machines being shipped to U.S. corporations and government agencies. According to the article, these microchips enabled China to spy on the affected organizations by altering the affected servers’ operating systems and communicating with remote systems (presumably under Chinese control). According to the article, Apple and Amazon were among 30 affected U.S. companies and the discoveries of the planted microchips were originally discovered in 2015, with investigations still ongoing. Both Apple and Amazon have vehemently disputed the accuracy of Bloomberg’s article, which cites 17 sources familiar with the investigation.
Regardless of whether the article is 100% accurate, the mere possibility raises some key security concerns. The technology industry has outsourced the manufacturing of much of its hardware to companies based in China. In the era of cyber espionage, one has to assume that China would use this circumstance to its advantage to infiltrate the technology supply chain. In fact, whether you believe him or not, Edward Snowden asserted that the U.S. government had done similar things to create back doors in operating systems created by U.S. technology corporations.
It’s worth some thought by everyone: How secure is your supply chain?
The takeaway? Private sector organizations with valuable intellectual property or sensitive data and governmental agencies must consider the global nature of supply chains associated with the technology they purchase. Challenge your vendors on the quality control and security measures they take to protect their supply chain: How can they validate that the systems they are providing have not been tampered with? The inserted microchips were smaller than a grain of rice, and in one case, embedded between layers of the fiberglass board.
Do you have the resources to track your suppliers’ supply chains back to each component’s origin? This threat may end up pushing organizations to move more operations to the cloud, reasoning that hardware sabotage is a headache that the large cloud providers are better equipped to manage.
To learn more about our cybersecurity services, contact a Weaver professional today.