“You can theoretically imagine the most dire consequences if you had millions of vehicles on the road and the software was disabled,” Commerce Secretary Gina Raimondo said, highlighting the risks of Chinese-made internet-connected software and hardware in the U.S.
The proposed regulations would ban the import and sale of vehicles from China that contain key communications or autonomous driving system software or hardware, sources familiar with the matter told Reuters.
Nearly all new cars on U.S. roads are considered “connected”: They have on-board networking hardware that allows them to connect to the Internet and share data with devices inside and outside the car. A bipartisan group of U.S. lawmakers warned in November that Chinese auto and tech companies are collecting and processing sensitive data while testing self-driving cars in the U.S. President Joe Biden ordered a review in February into security risks posed by Chinese car imports.
British media reported last year that British intelligence agencies had found at least one SIM card capable of transmitting location data after clearing government and diplomatic vehicles due to concerns about Chinese spyware. The device was in a sealed package imported from a Chinese supplier, the report said.
In the wake of the pager bombing, concerns are not just about espionage through electronic devices, but also about remote interference that, while not bombing, could be more dangerous, such as disabling connected cars or causing traffic accidents.
Supply Chain Wars
The pager explosion in Lebanon, blamed on Israel’s Hezbollah, highlighted the threat of supply chain wars. According to a New York Times report, Israel planted explosives in pagers made by Taiwanese company Gold Apollo. The exploded fragments reportedly bore stickers and symbols of the company’s logo. Gold Apollo, however, claims that the pagers were manufactured by Budapest-based BAC Consulting, which has exclusive rights to use the Gold Apollo logo. However, Hungarian authorities said the company is a trade intermediary and does not have a manufacturing base in Hungary. Global electronics supply chains are often a maze of contractors, subcontractors and parts suppliers across multiple countries. China plays a major role in these supply chains, as it supplies the world with the most electronics in the world.
Huawei, the Shenzhen-based Chinese telecommunications company, has been at the center of a fierce technology race between Beijing and Washington in recent years, with U.S. officials warning that the company’s equipment could be used to spy on behalf of Chinese authorities, a charge China denies.
Michael Watt, a supply chain expert at business risk consultancy Kroll, told The Washington Post that governments may begin to step up inspections of consumer goods shipments coming in and out of ports. “This should be a major wake-up call for governments to consider deficiencies in their own customs controls,” Watt said. But the complex international trade web that supports the electronics industry relies on the fact that most items cross borders with little or no inspection. “If all goods require additional inspections, it will lead to further bottlenecks in the supply chain,” Watt added.
Rep. Jim Himes (D-Conn.), the ranking member of the House Intelligence Committee, told Politico he expects companies will be reevaluating the security of their global operations. “This certainly speaks to risks associated with the supply chain,” Himes said. “I think a lot of warehouse managers and cargo ship owners today are giving a little bit of thought to the security of their facilities.”
“While this incident is highly unusual, it exposes vulnerabilities in the US and its allies, who source much of their hardware and software supply chains from countries of concern, particularly China,” Mark Montgomery, senior director of the Cyber Technology Innovation Center at the Foundation for Defense of Democracies, told Politico. “While this explosive device is an extreme outcome, it is easy to imagine malicious cyber payloads being inserted into hardware or software and later activated.”
Pagers also sound the alarm in China
As the US grows wary of importing electronics from China, China may also be concerned about weaponizing the devices. Muhammad Faisal Abdul Rahman, a research fellow at Singapore’s S. Rajaratnam School of International Studies, told the South China Morning Post that mainland China may become more suspicious of electronics and communications equipment made by the US and its allies, including Taiwan.
“Because Taiwan is a close ally of the United States and the United States is a close ally of Israel, there may be hardliners in China who see them as somehow complicit in this covert operation. China may become even more wary of other industries in Taiwan,” he said.
“At the strategic level, it suggests that the militaries and intelligence services of great powers and their powerful allies could exploit or weaponize global supply chains to preposition tools of asymmetric warfare to be activated in the event of conflict or shifting war objectives.”
One of the most detailed examples of supply chain warfare emerged publicly in 2014 through documents leaked by former National Security Agency (NSA) contractor Edward Snowden, The Washington Post reported. The documents described secret warehouses where NSA officials intercepted electronic equipment shipped by Cisco Systems, a U.S. networking supplier, without the company’s knowledge. The documents and photos showed that the agents discreetly opened boxes, implanted surveillance devices in the products, and then shipped them back to unsuspecting customers overseas, The Washington Post reported.
(With input from relevant agencies)
