China Exploiting Supply Chain Vulnerabilities

Hackers getting smarter, breach U.S. cybersecurity firm
Hackers getting smarter, breach U.S. cybersecurity firm
December 9, 2020
Year in Review
Gray Analytics Year in Review
December 22, 2020

China Exploiting Supply Chain Vulnerabilities

Supply Chain Vulnerabilities

By Jay Town, National Defense

When Americans consider securing the engineering architecture of the nation’s arsenal, they too often examine only secure cyber environments and maturity. Asking if they can be hacked and secrets stolen is typically the beginning — and the end — of analysis. 

This reckless intellection fails to recognize that even the most secure cyber environment offers virtually no protection from counterfeit, corrupted or obsolete components entering the supply chain. While cyber measures and firewalls are doing well guarding against external intrusions, the threats attached to the supply chain are delivered on the components themselves directly through front doors. 

China and other nations depend on a false sense of security, provided by a fortified corporate cyber environment, so they can exploit other supply chain security vulnerabilities. This emerging “Trojan Horse” threat must be addressed directly, with defense and offense. 

Much of the nation’s supply chain integrity issues stem from our dependence on single- and sole-source nations, primarily China. The United States has spent the last two decades offshoring its domestic supply chains to benefit from foreign low-cost labor and eased environmental regulations. Free trade agreements have extended supply chains farther from American borders.

Intended to optimize supply chains, reduce costs and thereby maintain competitive price points, these trade agreements have landed U.S. supply chains in a precarious position. Sourcing materials, managing inventories and maintaining stockpiles are fallen priorities behind greater financial returns.

Americans must begin to say aloud — despite their reliance upon China for retail goods, commercial products, medical supplies, rare earth minerals and much more — that China is an adversary. After all, China is clear about its intentions to jeopardize U.S. national security through supply chain threats and stealing American ingenuity.

FBI Director Christopher Wray, during remarks at the Hudson Institute earlier this year, said, “the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality, is the counterintelligence and economic espionage threat from China. It’s a threat to our economic security and, by extension, to our national security.” 

Since 2018, Wray has sounded the alarm that supply chain risks are the new frontier of national security threats. 

The annual cost to the U.S. economy from counterfeit goods, pirated software and theft of trade secrets is upwards of $600 billion. The FBI assesses that 80 percent of all federal economic espionage prosecutions have alleged conduct that would benefit China. Additionally, around 60 percent of all IP theft cases have a direct nexus to China. Russia, Iran and other adversaries make up much of the remainder. 

As the nation matures its cyber environments and becomes more cyber aware, vulnerable supply chain integrity is that new frontier providing malign foreign actors the ability to conduct cyberattacks, exfiltrate intellectual property and engage in economic espionage. 

Bolstering the FBI’s assessment, the National Counterintelligence and Security Center recently warned that “foreign adversaries are attempting to access our nation’s key supply chains at multiple points — from concept to design, manufacture, integration, deployment and maintenance.” 

The center continued by signaling that “foreign adversaries could compromise the integrity, trustworthiness and authenticity of products and services that underpin government and American industry, or even subvert and disrupt critical networks and systems, operations, products and weapons platforms in a time of crisis. We must elevate the role of supply chain security in the acquisition process.” 

It doesn’t matter whether the products are commercial, industrial or military, China and other nemeses are intent upon corrupting the integrity of every American supply chain.

Strategic materials — such as rare earth materials, steel and ferroalloys critical to the development and maintenance of warfighting hardware — are used in manufacturing by all 10 sectors of the economy. Rare earth materials are necessary to produce nearly all technical components, such as microchips, and are almost exclusively sourced from overseas. This allows for unforeseen disruptions and deliberate interference with essential national security supply chains. While these concerns pre-dated COVID-19, the vulnerabilities persist in need of a suitable solution.

The Trump administration recognized early on that the integrity of the national security supply chain was at risk for disruption or manipulation due to single- and sole-sourcing. In 2017, President Donald Trump issued an executive order proclaiming “a healthy manufacturing and defense industrial base and resilient supply chains are essential to the economic strength and national security of the United States.” 

The order required the Departments of Defense, Commerce, Energy and other agencies to provide an accounting of strategic materials and munitions most vulnerable to supply chain disruption or intrusion. The president recently followed up with another executive order instructing that counter-solutions be developed to address the troubling reality that the “U.S. imports 80 percent of all of its rare earth materials directly from China, with portions of the remainder indirectly sourced from China through other countries,” which signals greater anxieties that our strategic supply chains are vulnerable to detrimental manipulation jeopardizing national security.

The Departments of Defense and Interior have since deemed 35 strategic minerals as critical to the defense industrial base supply chain. The United States has virtually no primary production of 22 of these 35 strategic minerals. America is more than 75 percent import reliant on an additional 10 critical minerals, including titanium and uranium. 

Conversely, China ranks as the lead global producer of 16 of those 35 strategic materials and is a near-monopoly producer of rare earth elements, producing over half the world’s aluminum and accounting for a significant share of the steel and ferroalloys imported by the United States, either directly or through transshipment whereby countries buy Chinese steel and modify it before exporting to the U.S. 

Over 50 percent of the barite, used in fracking and other energy independence processes, comes from China. Gallium, critical to the production of superconductors for computers, mobile phones and 5G technology, is 100 percent sourced from overseas, 95 percent of which comes from China. The graphite used in batteries, phones and hybrid vehicles all comes from offshore, 60 percent from China. 

Further highlighting these strategic concerns, a recent hearing before the Senate Armed Services subcommittee on readiness and management support focused exclusively on national security and supply chain integrity. Sen. Dan Sullivan, R-Alaska, the subcommittee chair, irascibly pronounced his deep concern with the nation’s reliance on China and said it needs to put an end to its dependency, despite Beijing’s calculated attempts to maintain it. 

Sullivan added that with the rise of China, “the vulnerabilities and gaps in our supply chains, particularly as it relates to national security, have taken on a new urgency.” 

Sen. Tim Kaine, D-Va., the subcommittee’s ranking member, emphasized the bipartisan nature of this threat when he expressed very clearly that America must act to prevent the erosion of our supply chains.

Undersecretary of Defense for Acquisition and Sustainment Ellen Lord testified at the same hearing and agreed the United States should “re-shore our supply chains,” and said she was “absolutely concerned about Chinese infiltration at every sector of the U.S. economy.” Lord remarked further that “playing offense, as opposed to [only] playing defense, is the way to proceed.” 

The consensus: Relying on China at all in U.S. supply chains, especially as it relates to defense, creates a fragility in the marketplace and the national security phalanx.

The hearing revealed further how China leverages its strategic material supply chain advantages in the marketplace by flooding the market with materials every time a competitor dares to start mining or producing them. China employs its deleterious domination of the world’s strategic materials by threatening refusal to engage in any commerce with nations and companies seeking alternative sourcing. 

These unfair trade practices are being addressed through diplomatic and legislative efforts, but meanwhile, our supply chain security remains vulnerable to offshore sourcing. 

Because of the entangled labyrinth of the commercial, military and government manufacturing and production base, with a plethora of touch points in the procurement process presenting constant product security risks, the nation’s supply chain integrity response cannot simply address defense, but must foresee fragilities, targets and solutions in all 10 economic sectors. 

Economic and national security are forever interdependent and, thus, jointly vulnerable to perilous manipulations and disruptions to supply chains. Not only is the U.S. supply chain ecosystem weakened by the malign influence of foreign adversaries, it can also be compromised quickly by natural disasters, military conflicts and the tectonics of global trade policies. 

Supply chain security is the collective responsibility of government and the manufacturing base. As cyber environments mature and we become increasingly aware of cyber vulnerabilities in commercial and government sectors, the next frontier of national security is supply chain integrity. 

The U.S. acquisition process, especially in the defense industrial base, can no longer afford to be driven by cost, schedule and performance. Contracting is too often over budget, behind schedule and overly complex, making the system more vulnerable and causing contractors to be reluctant to add integrated risk management frameworks into their acquisition systems for fear of losing bids due to additional security controls increasing costs. 

Since U.S. economic and national security depends upon cyber and supply chain integrity, security requirements should incentivize reliance on more than the minimum standards or bottom line. 

Counterfeit, corrupted and obsolete components introduced into the defense supply chain could cause mission failure. These troubling imitation components may not have the technical capability to perform at all. 

Additionally, lacking the ability to diversify the sourcing of strategic materials puts the entire manufacturing base at risk, especially defense.
The solution is to integrate open source intelligence and other available data sourcing, so risk assessment analysis is increasingly robust and complete. Establishing security credentials would immediately identify single-source, sole-source, ominous, or otherwise fragile supply chains. This sort of security assessment should be required by the government, thereby standardizing security and moving the costs of such an assessment out of the loss side of competitive pricing. Supply chain managers must analyze intelligence to gain a full aperture of supply chain integrity. 

The United States has entered an era of asymmetric warfare for which only comprehensive deterrence will be effective. As Lord reminds us, we must play both defense and offense. Enemies exploit cyber and supply chain vulnerabilities to exfiltrate intellectual property, corrupt quality and assurance, control production of strategic materials and manipulate our cyber environments. 

The cost to the nation comes not only in lost innovation, jobs and economic advantage, but also in reduced U.S. military strength, critical mission failure or even loss of life. The supply chain integrity of the defense industrial base and U.S. manufacturing sectors cannot afford to rely on China or other adversaries for strategic materials, regardless of cost effectiveness. It’s just too expensive. 

Jay Town is the vice president and general counsel at Gray Analytics in Huntsville, Alabama. He is the former U.S. Attorney for the Northern District of Alabama and an original member of the Trump administration’s China Initiative.

Source: https://www.nationaldefensemagazine.org/articles/2020/12/9/china-exploiting-supply-chain-vulnerabilities