Although experts remain divided over whether China has the technical know-how to pull off the spy chip hack described by a Bloomberg BusinessWeek report last week, research agency IDC believes one thing is certain – the incident will push US hardware vendors to reconsider the integrity and location of supply chains to safeguard security.
“Advanced semiconductor design is the next battleground between China and the rest of the world to ensure security is hard-wired in silicon to employ the most stringent standards and processes across the supply chain,” according to an IDC research report, authored by five analysts including Mario Morales, program vice-president of enabling tech and semiconductors.
“Vendors will also continue to move forward with implementing their own hardware design and extend the capability to critical components needed for their equipment and workloads. This will be the new arms race in the IT world,” the report says.
Microchips as small as a grain of rice were installed on circuit boards made by Chinese subcontractors working for San Jose, California-based Super Micro Computer (Supermicro), a major supplier of custom servers and the world’s biggest vendor of server motherboards, Bloomberg reported last Thursday, citing 17 unnamed intelligence and company sources. Amazon, Apple and Supermicro all issued rebuttals after the report was published.
China’s Ministry of Foreign Affairs said China is a “resolute defender” of cybersecurity. “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim,” it said.
China has been an attractive manufacturing destination in recent decades thanks to relatively low labour costs, a technically skilled workforce and good infrastructure. It has also been attempting to move up the value chain, producing higher specification goods and reducing reliance on exports in favour of domestic consumption.
But the Bloomberg report has kicked off another round of security concerns – this time over breaches in sophisticated hardware and not just software hacks. IDC says in the report that hardware vendors will likely have to undergo full supply chain audits in future to ensure that equipment and components are completely bug free.
IDC says that the ramifications of the story are just beginning to be felt and cautions that China’s manufacturing and supply chain is deeply integrated within the business models of many US companies. As such, the supply chain dependency of many American-based vendors will need to be reassessed to stave off any future security hacks.
The IDC report notes that geopolitics has always been a factor in the import and export of sensitive technologies – citing the purposeful exclusion of Moscow-based Kaspersky anti-virus software from US government systems as an example of a previous political intervention that affected supply chains.
While some companies have attempted OEM, white label, or partnerships as a way forward, many of these attempts have failed. And the hardware hack revelations in the Bloomberg report mean that the entire supply chain now needs to be “buttoned up”.
However, Mario Morales says it’s simply not feasible for companies to move manufacturing operations out of China because supply chains are already deeply integrated. China is also a manufacturing base for global semiconductors and a source of demand for them.
Nevertheless, Morales believes that companies will need to step up security around hardware with audits and think harder about how safe their partners are.