Exploding pagers raise global supply chain security concerns

Thousands of pagers and other devices exploding in Lebanon this week mark a new and deadly escalation in the use of supply chains against adversaries, lending new urgency to efforts by global leaders to reduce their reliance on technology from rivals.

Lebanese officials believe the gadgets were rigged with explosives as part of an elaborate Israeli attack on Hezbollah that penetrated the Iranian-backed group’s procurement chain, with links from Taiwan to Hungary.

While booby traps have been used in espionage for years, the scale and violence of the attacks in Lebanon — which killed at least 37 people, including two children, and wounded an estimated 2,300 more — alarmed even some seasoned officials . They fear that the globalized supply chains that help produce cheap goods and power global growth could become weapons in the hands of foreign adversaries.

“When you depend on other nations for key inputs or technology, you give them a back door into everything you do,” said Melanie Hart, who until recently was a senior State Department official responsible for these issues and now is at the Atlantic Council. “This is a demonstration of how it shows that the harmonization of this dependence.”

US officials have long recognized that the US is too dependent on China for a variety of goods and services, and in recent years the government has begun looking to move some vital supply chains, particularly those related to national security, to the US , a process. known as on-shoring or moving them to friendly countries known as friend-shoring.

“If Israel can do it, China can do it,” said US Representative Seth Moulton. “Long, opaque supply chains leave gaps that can be exploited all too easily, and we need a strategy to close them in close collaboration with our allies.”

A former senior US intelligence official described the Lebanese blasts as just the latest and most dramatic supply chain attacks underway around the world. They often take years to prepare and tend to be closely targeted to limit collateral damage, the official said, asking not to be identified to discuss matters that are not public. Interdiction operations — where goods are intercepted and tampered with before delivery to their final recipient — are rampant, the former official said.

“Infiltrating a supply chain is a pretty standard intelligence tool,” said Holden Triplett, a former FBI official. “In the last few years, we’ve seen it used mostly to gather intelligence, but as we’ve seen recently, it can also be used for targeted killing.”

The operation was put in place by Israel years ago as a measure to use in the event of a major war with Hezbollah, according to people familiar with the plan. On Thursday, Israel carried out extensive airstrikes in southern Lebanon, a further sign of its focus on Hezbollah and deep concern about the heavily armed, Iranian-backed militant group on its border.

China has primed cyber attackers to “wreak havoc on our critical infrastructure at a time of their choosing,” FBI Director Christopher Wray warned in April. “His plan is to launch low strikes against civilian infrastructure to try to induce panic and break America’s will to resist.”

American spies have a history of taking advantage of America’s dominance in many supply chains to introduce technology to target rivals, from the Stuxnet operation that struck Iran’s nuclear program to revelations more than a decade ago that agents they modified equipment from American technology companies shipped overseas.

Protecting against intrusions in the virtual world is particularly difficult.

“You have a lot of devices out there, whether they’re communication or critical infrastructure, that already have malicious code inside,” said Eran Fine, chief executive of Israeli company Nanolock Security, which protects critical industrial infrastructure from attacks cybernetic. and disruptions along the supply chain.

Tom Katsioulas is among those calling attention to this danger. He has been working on semiconductor security for nearly a decade, first with Mentor Graphics Corp. – now part of Siemens AG – and then with the Global Semiconductor Alliance. The chip-tracking technology exists, but building a multinational, multi-company platform has been an uphill battle, he said.

“Everyone wants security. No one will pay for it. And when things break, everybody blames somebody else,” said Katsioulas, who left the chip organization and now serves on the U.S. Commerce Department’s Internet of Things Advisory Council.

The government needs to allocate some Chips Act funding to semiconductor factories to start a component tracking program, he argued. Establishing a rigorous security system requires only $5 million to $10 million per plant, Katsioulas estimates. But critics tell him that costs rise dramatically once you add up the hundreds or even thousands of parts involved in any typical chip supply chain.

“People call me ‘good luck,'” he said.

Washington is not blind to the threat. It aims to reduce or even eliminate reliance on Chinese firms for infrastructure and national security, including scrapping hardware in a program known as “hijack and replace.”

But interdependence is hard to escape. Last year, the US Navy cut the number of Chinese supplies in its “critical technology” supply chains by about 40 percent, according to Govini, a government data analysis firm. But the Air Force and other defense agencies have increased their reliance on China, according to the company.

China, for its part, has long been engaged in a push for “local innovation” to reduce the country’s reliance on foreign technologies, from jet engines to computer operating systems. Last year, several Chinese agencies and government-backed firms ordered staff to stop bringing iPhones and other foreign devices to work.

Alternatives can be hard to find.

“The U.S. can rely on high-tech partners everywhere — staunch allies, friends with whom we share our deepest intelligence secrets,” said Hart, the former U.S. official.

“China’s best options for supporting friends are Russia, North Korea and Syria,” she said. “Beijing is shopping for new friends in the global south, but it is hard to replicate the advantage of Western technology.”

Even the use of low-tech cannot guarantee security, as the events in Lebanon demonstrated this week.

Hezbollah has embraced pagers — a technology synonymous with the 1990s — in an attempt to evade American and Israeli surveillance.

“Hezbollah decided to go low-tech to reduce its susceptibility to attack, but clearly you can’t go so low-tech that you get rid of vulnerabilities,” said Brad Glosserman, senior adviser at the Pacific Forum, a think tank. – tank.

“The bottom line is that in a world with highly extended supply chains, vulnerabilities are part of the system,” Glosserman said. “Every organization has to buy things. Vulnerability is a fact of life.”

Top photo: The remains of an exploded pager in Lebanon on September 18. Photographer: AFP/Getty Images.

Copyright 2024 Bloomberg.