Exploding pagers sound global alarm for supply-chain security
Published in News & Features
Thousands of pagers and other devices exploding in Lebanon this week mark a new and deadly escalation in the use of supply chains against adversaries, giving new urgency to global leaders’ drive to reduce their dependence on technologies from rivals.
Lebanese officials believe the gadgets were rigged with explosives as part of an elaborate attack allegedly by Israel on Hezbollah, penetrating the Iran-backed group’s procurement chain with links from Taiwan to Hungary.
While booby-trapped devices have been used in spycraft for years, the scale and violence of the attacks in Lebanon — which killed at least 37 people, including two children, and injured about 2,300 more — alarmed even some seasoned officials. They fear the globalized supply chains that help produce cheap goods and power global growth could become weapons in the hands of foreign adversaries.
“When you depend on other nations for key inputs or technology you give them a back door into everything you do,” said Melanie Hart, who until recently was a senior State Department official responsible for these issues and now is at the Atlantic Council. “This is a demonstration of what it looks like to weaponize that dependence.”
U.S. officials have long acknowledged that the U.S. is too dependent on China for a variety of goods and services and in recent years the government has begun seeking to move some vital supply chains, especially those that touch on national security, to the U.S., a process known as on-shoring, or moving them to friendly countries, known as friend-shoring.
“If Israel can do this, China can do it too,” said U.S. Rep. Seth Moulton. “Long, opaque supply chains leave gaps that can too easily be exploited, and we need a strategy for closing them in close collaboration with our allies.”
A former senior U.S. intelligence official described the Lebanese blasts as just the latest and most dramatic of a number of supply-chain attacks underway around the world at the moment. They often take years to prepare and tend to be narrowly targeted to limit collateral damage, the official said, asking not to be identified to discuss matters that aren’t public. Interdiction operations - where goods are intercepted and tampered with before delivery to their ultimate recipient - are rampant, the former official said.
“Infiltrating a supply chain is a pretty standard tool of intelligence services,” said Holden Triplett, a former Federal Bureau of Investigation official. “In the last few years, we seen it used mostly to collect information but as we’ve witnessed recently it can also be used for targeted killings.”
China has prepositioned cyber attackers to “wreak havoc on our critical infrastructure at a time of its choosing,” Federal Bureau of Investigation Director Christopher Wray warned in April. “Its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”
U.S. spies have a history of taking advantage of America’s dominance in many supply chains to insert technologies to target rivals, from the Stuxnet operation that struck Iran’s nuclear program to revelations over a decade ago that agents modified equipment from US tech companies shipped overseas.
Protecting against intrusion in the virtual world is especially difficult.
“You have a lot of devices out there, whether they’re communication, whether they’re critical infrastructure, that already have malicious code inside,” said Eran Fine, chief executive of Israeli company Nanolock Security, which secures industrial critical infrastructure from cyberattacks and disruptions along the supply chain.
Washington has sought to reduce or even eliminate reliance on Chinese companies for infrastructure and national security, including removing hardware in a program known as “rip and replace.”
But interdependence is hard to escape. Last year the U.S. Navy reduced the number of Chinese supplies in its “critical technologies” supply chains by some 40%, according to Govini, a government data analysis business. But the Air Force and other defense agencies increased their dependence on China, according to the company.
China, for its part, has long been engaged in a push for “indigenous innovation” to lessen the country’s reliance on foreign technologies from jet engines to computer operating systems. Last year, multiple Chinese agencies and government-backed firms ordered staff to stop bringing iPhones and other foreign devices to work.
Alternatives can be hard to find.
“The U.S. can rely on high-tech partners everywhere — staunch allies, friends we share our deepest intelligence secrets with,” said Hart, the former US official.
“China’s best options for friend-shoring are Russia, North Korea, and Syria,” she said. “Beijing is shopping for new friends in the global South but it’s hard to replicate the Western technology advantage.”
Even going low-tech can’t guarantee security, as events in Lebanon this week demonstrated.
Hezbollah had embraced pagers — a technology synonymous with the 1990s — in a bid to avoid U.S. and Israeli surveillance.
“Hezbollah decided to go low-tech to reduce its susceptibility to attack, but clearly you can’t go so low-tech that you escape vulnerabilities,” said Brad Glosserman, a senior adviser at Pacific Forum, a think-tank.
“The bottom line is that in a world of grossly extended supply chains, vulnerabilities are part of the system,” said Glosserman. “Every organization has to buy things. Vulnerability is a fact of life.”
(Alberto Nardelli, Alastair Gale, Yuki Furukawa, Donato Paolo Mancini and Katrina Manson contributed to ths report.)
©2024 Bloomberg L.P. Visit bloomberg.com. Distributed by Tribune Content Agency, LLC.
Comments