China chip hack report will push US-based vendors to rethink supply chain security, research firm IDC says
IDC says hardware vendors will likely have to undergo full supply chain audits in future to ensure that equipment and components are completely bug free
Although experts remain divided over whether China has the technical know-how to pull off the spy chip hack described by a Bloomberg BusinessWeek report last week, technology research firm IDC believes one thing is certain – the incident will push US hardware vendors to reconsider the integrity and location of supply chains to safeguard security.
“Advanced semiconductor design is the next battleground between China and the rest of the world to ensure security is hard-wired in silicon to employ the most stringent standards and processes across the supply chain,” according to an IDC report co-authored by five analysts including Mario Morales, programme vice-president of enabling tech and semiconductors.
“Vendors will also continue to move forward with implementing their own hardware design and extend the capability to critical components needed for their equipment and workloads. This will be the new arms race in the IT world,” the report said.
Microchips as small as a grain of rice were installed on circuit boards made by Chinese subcontractors working for San Jose, California-based Super Micro Computer (Supermicro), a major supplier of custom servers and the world’s biggest vendor of server motherboards, BusinessWeek reported last Thursday, citing 17 unnamed intelligence and company sources. Amazon.com, Apple and Supermicro all issued rebuttals after the report was published.
China’s Ministry of Foreign Affairs said China is a “resolute defender” of cybersecurity. “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim,” it said.
China has been an attractive manufacturing destination in recent decades thanks to relatively low labour costs, a technically skilled workforce and good infrastructure. It has also been attempting to move up the value chain, producing higher specification goods and reducing reliance on exports in favour of domestic consumption.
But the BusinessWeek report has kicked off another round of security concerns – this time over breaches in sophisticated hardware and not just software hacks. The IDC report said tech hardware vendors will likely have to undergo full supply chain audits in future to ensure that equipment and components are completely bug free.
IDC said that the ramifications of the story are just beginning to be felt, and cautioned that China’s manufacturing and supply chain is deeply integrated within the business models of many US companies. As such, the supply chain dependency of many American-based vendors will need to be reassessed to stave off any future security hacks.
The IDC report said geopolitics has always been a factor in the import and export of sensitive technologies – citing the purposeful exclusion of Moscow-based Kaspersky anti-virus software from US government systems as an example of a previous political intervention that affected supply chains.
While some companies have attempted OEM, white-label or partnership arrangements as a way forward, many of these attempts have failed. And the hardware hack revelations in the Bloomberg report mean that the entire supply chain now needs to be “buttoned up”.
Morales, however, said it is simply not feasible for companies to move manufacturing operations out of China because supply chains are already deeply integrated. China is also a manufacturing base for global semiconductors and a source of demand for them.
Nevertheless, he believes that companies will need to step up security around hardware with audits and think harder about how safe their partners are.