Authorization

Chinese chip spying report shows the supply chain remains the ultimate weakness

Thursdays explosive story by Bloomberg reveals detailed allegations that the Chinese military embedded tiny chips into servers, which made their way into datacenters operated by dozens of major U.S. companies.
We covered the story earlier, including denials by Apple, Amazon and Supermicro the server maker that was reportedly targeted by the Chinese government. Amazon said in a blog post that it employs stringent security standards across our supply chain. The FBI and the Office for the Director of National Intelligence did not comment, but denied comment to Bloomberg.
Much of the story can be summed up with this one line from a former U.S. official: Attacking Supermicro motherboards is like attacking Windows. Its like attacking the whole world.
Its a fair point. Supermicro is one of the biggest tech companies youve probably never heard of. Its a computing supergiant based in San Jose, Calif. with global manufacturing operations across the world including China, where it builds most of its motherboards. Those motherboards trickle throughout the rest of the worlds tech and were used in Amazons datacenter servers that powers its Amazon Web Services cloud and Apples iCloud.
One government official speaking to Bloomberg said Chinas goal was long-term access to high-value corporate secrets and sensitive government networks, which fits into the playbook of Chinas long-running effort to steal intellectual property.
No consumer data is known to have been stolen, said Bloomberg.
Infiltrating Supermicro, if true, will have a long lasting ripple effect on the wider tech industry and how they approach their own supply chains. Make no mistake introducing any kind of external tech in your datacenter isnt taken lightly by any tech company. Fears of corporate and state-sponsored espionage has been rife for years. Its chief among the reasons why the U.S. and Australia have effectively banned some Chinese telecom giants like ZTE from operating on its networks.
Having a key part of your manufacturing process infiltrated effectively hacked puts every believed-to-be-secure supply chain into question.
With nearly every consumer electronics or automobile, manufacturers have to procure different parts and components from various sources across the globe. Ensuring the integrity of each component is near impossible. But because so many components are sourced from or assembled in China, its far easier for Beijing than any other country to infiltrate without anyone noticing.
The big question now is how to secure the supply chain?
Companies have long seen supply chain threats as a major risk factor. Apple and Amazon are down more than 1 percent in early Thursday trading and Supermicro is down more than 35 percent (at the time of writing) following the news. But companies are acutely aware that pulling out of China will cost them more. Labor and assembly is far cheaper in China, and specialist parts and specific components often cant be found elsewhere.

Amazon reportedly offloaded its Chinese server business because it was compromised
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«     2019    »
 1
2345678
9101112131415
16171819202122
23242526272829
3031