The slippery slope of supply chain fears
Now that the U.S. and other countries are barring the use of Chinese-built 5G equipment — thanks to allegations that China's government sabotages those products for espionage purposes — we're beginning to see more suspicious treatment of other infrastructure built in China, too.
The big picture: Following the U.S. ban on Chinese made telecom equipment from Huawei and ZTE, we're going to have to decide whether that means other parts of other supply chains are also guilty by association.
- Fears that Chinese-built trains might be tempting for Beijing to convert into surveillance machines are leading some in government to question the vulnerability of Chinese mass transit equipment. That recently led DC's Metro transit system to add cybersecurity safeguard specs to a contract for new rail cars.
- One solar electricity investor wondered to Codebook whether Huawei's line of solar equipment should face national bans, too. "If we’re talking about national security," he said, "why would electricity be any different than telecommunication?"
Regulators often deal with these kinds of supply chain issues product by product only after a problem is discovered. That leaves a lot of the burden on the customers, who are often left hoping that the product they bought won't eventually run afoul of the government.
Take solar equipment as an example:
- China's main focus in hacking is stealing information, including national secrets and intellectual property.
- Solar products are not a good venue for stealing the kind of information China is known to steal.
- They, could, however, be a hypothetical way for Chinese hackers to cause physical harm, including blackouts. That risk is wildly unlikely, say most China experts, and would amount to an uncharacteristic act of war.
With mass transit, there are not a lot of other options beside Chinese components. And there, as in many other industries, Chinese components are typically cheaper.
The big question: How do you maintain global supply chains without getting involved in the geopolitics of smart devices?
The risk management proposition for companies should be "holistic" and case by case, said Edna Conway, chief security officer of the global value chain at Cisco who also sits on DHS's supply chain task force.
- That means weighing many factors against cost, including the functionality of equipment, tactics to limit exposure to potential damage, availability of replacements and opportunity to fully test the equipment.
But policies driven by economic nationalism are likely to be overly broad and potentially destructive. "The global value chain is a benefit to all. We can and should continue to avail ourselves of it," said Conway.