Feds are on a supply-chain security tear
Federal officials are doubling down on sounding alarms about the risks of supply-chain security threats — attacks where hackers sabotage software or hardware before it's sent to the customer — with warnings to businesses up against the theft of intellectual property, federal contractors up against espionage and telecoms who will soon face large-scale buildout of 5G networks.
Why it matters: It's difficult to extract supply-chain-vulnerable products from the market. Many devices and networks include components from a variety of companies from all over the world, providing ample opportunity for bad actors to interfere. Banning certain products can combat such threats, but can also cause friction: Just look at the recent call to remove ZTE and Huawei products from the telecom networks.
Driving the news: Last week, the Office of the Director of National Intelligence issued a report Thursday that supply chain attacks used for economic espionage were on the rise. On Friday, the Department of Defense told reporters that it was compiling a list of software manufacturers with Chinese and Russian ties it thinks military branches and contractors should avoid.
- This comes on the heels of scandals at ZTE, Huawei and Kaspersky, where the government alleges foreign-made products were used to spy on domestic agencies and companies.
Why now: The United States is about to go through a massive infrastructure expansion project as mobile carriers and equipment firms roll out 5G technology. Meanwhile, rural communities are still building their first broadband networks.
- The U.S. has instructed telecom companies not to use products from the Chinese firms Huawei and ZTE — both of whom are suspected of sabotaging their own products to enable Beijing’s spying efforts.
- But telecom execs say that for smaller communities, low-cost Chinese equipment is the only economically viable way to expand infrastructure. Chinese equipment is not just cheaper, it’s also often the only one-stop shopping solution for telecommunications hardware and tend to offer affordable financing packages.
The government could dig its way out of the hole, but likely won't. Jim Lewis, currently of the CSIS think tank and formerly a Department of Commerce official specializing in high tech issues involving China, estimates that the government could even the playing field and solve the telecom supply chain problem for a little over a billion dollars.
- That would involve funding rural providers purchasing less vulnerable equipment and issuing grants to ZTE and Huawei competitors for research, helping them compete with China's massive state research budget.
- But, said Lewis, Congress loathes spending money, even when it is the only solution.