Update: The Bloomberg story discussed below has been heavily disputed by a number of actors, including, but not limited to, Apple and Amazon. For a summary, see Erik Wemple’s article. See also the request for retraction by Apple’s Tim Cook.
This story has been updated following a statement from the Department of Homeland Security. It has been further updated following reported public comments by Rob Joyce of the National Security Agency
Bloomberg has just published an explosive article claiming that a secret unit in the Chinese military has compromised the motherboards (the systems of chips and electronics that allow computers to work) of servers used by Apple, a bank and various government contractors.
According to Bloomberg, China’s exploit was discovered when Amazon did due diligence on a company that it was acquiring, which used servers with the compromised motherboards. Both Apple and Amazon have issued statements denying the Bloomberg claims. Bloomberg seems confident that it’s correct, saying it has multiple sources inside Amazon and the intelligence community. (Amazon chief executive Jeffrey P. Bezos owns The Washington Post.) The Department of Homeland Security has issued a statement saying that it sees no reason to doubt Amazon’s and Apple’s reports. According to reporter Eric Geller, the National Security Agency’s Senior Adviser for National Security Strategy has indicated that he is ‘befuddled’ by the story, and has seen no evidence to support it.
The reported exploit involved tiny components — some the size of a sharpened pencil tip — that were very difficult to spot but that provided a backdoor to the servers into which they were built. These components could reportedly communicate with external computers and download instructions from them, which could allow Chinese military hackers to compromise passwords and gain control over what the servers did. If the servers were used for sensitive tasks, this kind of access could have massive security repercussions.
What is economically important, however, is how the Chinese military reportedly did this: by weaponizing the complex supply chain through which most sophisticated electronics are built. That could have huge implications for the world economy.
We live in a world of complex global supply chains
People usually think of economic globalization as involving trade in final products — cars being shipped across the U.S. border from Canada or Mexico. That only scratches the surface of the globalized economy, which involves not only trade in completed products but also in components and finishing. A complex product such as a computer may be built from components made by hundreds — or even thousands — of specialized manufacturers, located across multiple countries. This creates vast economic efficiencies and provides enormous economic savings, allowing companies — and even entire regional or national economies — to reap the benefits of specialization and consumers to get cheaper and better made products.
Over the last couple of decades, China has become an increasingly important supplier of technological goods. Chinese companies such as Foxconn specialize in manufacturing and integrating common consumer products such as iPhones. However, China lacks capacity in some important areas, such as the design and manufacture of high-end chips.
All this means that the world manufacturing economy relies on globalized supply chains, with myriad specialized subcontractors. Until recently, public debate has mostly focused on the trade-offs between the economic advantages and the human costs of these supply chains. For example, supply chains in the garment industry often involve the exploitation of poor workers in sweatshops for brand name goods sold in American stores, leading to increasing pressure on the brand-name manufacturers to ensure humane working conditions in their suppliers and sub-suppliers. Now, however, a new set of security problems is emerging.
Globalized supply chains increase interdependence
Global supply chains were what reportedly allowed the Chinese to hack the motherboards of servers used by U.S. companies. According to Bloomberg, these servers were assembled by Supermicro, a U.S.-based supplier of specialized high-end servers. Supermicro relied on Chinese factories to provide them with motherboards and other components. These motherboards were reportedly then compromised by the Chinese military, which bribed or threatened four key subcontractors to get them to install the hardware-based backdoor systems.
A world of global supply chains is a world where countries’ economies and manufacturing systems are increasingly interdependent, so that if something goes wrong, everyone suffers. When a single factory caught fire in 2013, the price of commonly used memory chips shot up — because every computer manufacturer relied on a very small number of manufacturers.
Our academic research explores how countries are increasingly starting to weaponize interdependence — using these vulnerabilities and choke points for strategic advantage. China’s reported hacking of motherboards is a perfect example of this. As the Bloomberg article recounts, Chinese manufacturers dominate key aspects of computer hardware manufacturing. While some people had been confident that China would never hack exported components en masse — for fear of the damage that it would do to the Chinese economy — the Bloomberg article suggests that they have succumbed to temptation. It should be noted that the United States, too, has used its economic weight against Chinese hardware manufacturers. At one point the United States threatened the Chinese telecommunications giant ZTE with economic sanctions that would have made it impossible to buy chips from manufacturers with exposure to U.S. markets, a move that would effectively have driven ZTE out of business.
The economic consequences are enormous
If the Bloomberg report is confirmed — and especially if it is one particular example of a broader problem — there will be very big economic repercussions. The U.S. economy and China’s economy are deeply interdependent. If the U.S. believes that Chinese firms are using this interdependence strategically to compromise U.S. technology systems with hardware components that undermine security, there will be pressure on the United States to systematically disengage from China and, perhaps, from global supply chains more generally.
This could have substantial knock-on repercussions for international trade, leading eventually to a world in which countries are much less willing to outsource components of sensitive systems to foreign manufacturers. Because we live in a world where technology is becoming ever more connected and ever more exploitable, this might mean that large swaths of the global economy are pulled back again behind national borders. The United States is already highly suspicious of Chinese telecommunications manufacturers, while organizations closely linked to U.S. intelligence are calling for a far more systematic reappraisal of the security implications of supply chains. In an extreme scenario, it may be that the globalized economy of the 1990s and 2000s was a brief aberration, which will be replaced by more constrained and limited international exchange between economies that keep the important parts of their manufacturing economy at home.
Henry Farrell is professor of political science and international affairs at George Washington University.
Abraham Newman is a professor at the Edmund Walsh School of Foreign Service at Georgetown University.