
Friday, October 5, 2018

Rogue Nation

China is secretly hacking computer motherboards. The economic fallout is huge.
By Henry Farrell and Abraham Newman

An electronic data display showing a map of China at the Global Mobile Internet conference in Beijing. 

Bloomberg has just published an explosive article claiming that a secret unit in the Chinese military has compromised the motherboards (the systems of chips and electronics that allow computers to work) of servers used by Apple, a bank and various government contractors.
China’s exploit was discovered when Amazon did due diligence on a company that it was acquiring, which used servers with the compromised motherboards. 
Like China, both Apple and Amazon have issued statements denying the Bloomberg claims, but Bloomberg is confident that it’s correct, saying it has multiple sources inside Amazon and the intelligence community. (Amazon chief executive Jeffrey P. Bezos owns The Washington Post.)
The exploit involved tiny components — some the size of a sharpened pencil tip — that were very difficult to spot but that provided a backdoor to the servers into which they were built. 
The components could communicate with external computers and download instructions from them, which allowed Chinese military hackers to compromise passwords and gain control over what the servers did.
If the servers were used for sensitive tasks, this kind of access could have massive security repercussions.
What is economically important, however, is how the Chinese military did this. 
They weaponized the complex supply chain through which most sophisticated electronics are built. That has huge implications for the world economy.

We live in a world of complex global supply chains

People usually think of economic globalization as involving trade in final products — cars being shipped across the U.S. border from Canada or Mexico. 
That only scratches the surface of the globalized economy, which involves not only trade in completed products but also in components and finishing. 
A complex product such as a computer may be built from components made by hundreds — or even thousands — of specialized manufacturers, located across multiple countries. 
This creates vast economic efficiencies and provides enormous economic savings, allowing companies — and even entire regional or national economies — to reap the benefits of specialization and consumers to get cheaper and better made products.
Over the last couple of decades, China has become an increasingly important supplier of technological goods. 
Chinese companies such as Foxconn specialize in manufacturing and integrating common consumer products such as iPhones. 
However, China lacks capacity in some important areas, such as the design and manufacture of high-end chips.
All this means that the world manufacturing economy relies on globalized supply chains, with myriad specialized subcontractors. 
Until recently, public debate has mostly focused on the trade-offs between the economic advantages and the human costs of these supply chains. 
For example, supply chains in the garment industry often involve the exploitation of poor workers in sweatshops for brand name goods sold in American stores, leading to increasing pressure on the brand-name manufacturers to ensure humane working conditions in their suppliers and sub-suppliers. Now, however, a new set of security problems is emerging.

Globalized supply chains increase interdependence
Global supply chains were what allowed the Chinese to hack the motherboards of servers used by U.S. companies. 
These servers were assembled by Supermicro, a U.S.-based supplier of specialized high-end servers. 
Supermicro relied on Chinese factories to provide them with motherboards and other components. 
These motherboards were then compromised by the Chinese military, which bribed or threatened four key subcontractors to get them to install the hardware-based backdoor systems.
A world of global supply chains is a world where countries’ economies and manufacturing systems are increasingly interdependent, so that if something goes wrong, everyone suffers. 
When a single factory caught fire in 2013, the price of commonly used memory chips shot up — because every computer manufacturer relied on a very small number of manufacturers.
Our academic research explores how countries are increasingly starting to weaponize interdependence — using these vulnerabilities and choke points for strategic advantage.
China’s hacking of motherboards is a perfect example of this. 
As the Bloomberg article recounts, Chinese manufacturers dominate key aspects of computer hardware manufacturing. 
While some naive people had been confident that China would never hack exported components en masse — for fear of the damage that it would do to the Chinese economy — the Bloomberg article suggests that they have succumbed to temptation. 

The economic consequences are enormous
If the Bloomberg report is confirmed — and especially if it is one particular example of a broader problem — there will be very big economic repercussions. 
The U.S. economy and China’s economy are deeply interdependent. 
If the U.S. believes that Chinese firms are using this interdependence strategically to compromise U.S. technology systems with hardware components that undermine security, there will be pressure on the United States to systematically disengage from China and, perhaps, from global supply chains more generally.
This could have substantial knock-on repercussions for international trade, leading eventually to a world in which countries are much less willing to outsource components of sensitive systems to foreign manufacturers. 
Because we live in a world where technology is becoming ever more connected and ever more exploitable, this might mean that large swaths of the global economy are pulled back again behind national borders. 
The United States is already highly suspicious of Chinese telecommunications manufacturers, while organizations closely linked to U.S. intelligence are calling for a far more systematic reappraisal of the security implications of supply chains. 
It may be that the globalized economy of the 1990s and 2000s was a brief aberration, which will be replaced by more constrained and limited international exchange between economies that keep the important parts of their manufacturing economy at home.

Friday, November 25, 2016

China's Fifth Column

Phone Maker Faces Lawsuit Over 'Backdoor' to China
by Jeff John Roberts 

Secret software sent texts to China.

A U.S. company is facing a class action lawsuit following reports it sold thousands of Android phones containing software that sent consumers’ private messages to China.
Miami-based Blu Products, which sells low cost phones through Amazon and BestBuy, came to attention last week when the New York Times identified it as among the phone makers whose products contained a so-called “backdoor.”
In this case, the backdoor served to send copies of users’ text messages and phone call data every 72 hours to a Chinese software firm called Shanghai AdUps Technologies. 
It also relayed other data, such as information about location and app usage, every 24 hours. 
Following the report of the secret backdoor, Blu Products told the Times that 120,000 of its devices had been affected and that it had pushed out a software update to stop them sending information to China. 
It also said it had not known about the backdoor.
But the incident also led Rosen Legal, a firm specializing in class action lawsuits, to post a “security alert” warning consumers about the backdoor, and inviting those who had bought certain Blu Products devices to be part of an investigation and participate in the lawsuit. 
The notice also explained how consumers could determine if their devices had been affected by what the firm calls “spyware”:
You can check to see if your Blu Products phone was affected by going to the Settings Menu in Android, selecting “Apps,” followed by “Show System” and then “Wireless Update.” 
If your version of Wireless Update is from 5.0.x to 5.3.x, or above, your phone was affected and you may be a member of the class action.
Blu Products, for its part, dismissed the law firm’s allegations.
“This is a non-issue and there is no wrongdoing from BLU to warrant any such claim,” Carmen Gonzalez, senior marketing director for Blu Products, said in an email to Fortune.
The controversy comes at a time of growing concern over how phones, and many other Internet-connected devices, are susceptible to hacking or intrusive software that records or transmits private information. 
This week, a security firm reported the existence of another powerful backdoor in over 3 million Android devices that permits China to monitor the device owners’ communications.