The American security community was shaken this month when Bloomberg reported a bombshell supply-chain hack in which the Chinese military implanted tiny chips on circuit boards used by U.S. companies — including Apple, Amazon and government contractors.
But for years, the global electronics supply chain, which sits mostly in China, has been a growing battle zone between the two countries.
Congress blocked China’s Huawei and ZTE from selling their equipment to major U.S. telecom carriers back in 2012 (and more recently made it harder for Huawei to sell phones). Not long after, when Edward Snowden disclosed how the U.S. used American companies to spy overseas, China hurried to build similar tech itself, The New York Times reported.
Though they rival each other, the superpowers' shared measures show one common understanding: It’s becoming nearly impossible to ensure security in a world where the design, production and assembly of electronics occur across a global supply chain.
Not Just the Apples and Amazons
China’s recently discovered (and still debated) attack was something graver than the software-based incidents we’re growing accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, as Bloomberg described: “promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.”
Country of origin — which can be complex enough in itself to determine — also doesn’t ensure security. A brand of electronics from one country could have insides from six others.
More often, today’s cybercriminals are shifting their strategies “to exploit third- and fourth-party supply chain partner environments to gain entry to target systems, even in verticals with mature cybersecurity standards, frameworks and regulations,” according to Accenture’s latest Cyber Threatscape Report.
A single breach can quickly reverberate throughout an organization like Amazon — with its thousands of suppliers — and the cost of recovery could far exceed that of the priciest security setup.
Of course, companies should still do their best to ensure security. Promising technology, like blockchain, is evolving every day along with hackers' techniques.
Worldwide spending on information security products and services will reach more than $114bn this year, an increase of 12.4 percent from last year, according to the latest forecast from Gartner Inc. In 2019, the market is forecast to reach $124bn.
Cloud-delivered security is becoming the preferred model for a number of technologies, too, says Gartner research director Siddharth Deshpande.
One way or another, it’s time to prepare under the assumption we’ll all be hacked. Says Deshpande: “Security and risk management has to be a critical part of any digital business initiative.”