Supply chain professionals woke up to a new world on Sept. 17 after the synchronized explosions of thousands of pagers in Lebanon killed numerous Hezbollah militants and civilians while injuring thousands. Now that the possibility of weaponizing technology supply chains has been observed, could our adversaries follow suit? Should we be worried about our medical devices, our cars, our cellphones? I have identified soft spots in the global technology supply chains and can recommend ways to make them more secure.
Let’s take a look at how the pager supply chains were infiltrated. The labels recovered from the exploded pagers, marked AR-924, identified Taiwan-based Gold Apollo as the manufacturer. The Taiwanese company, however, denied making the pagers and claimed to have authorized BAC Consulting in Hungary to use the Gold Apollo trademark. Two firms in Bulgaria and Norway are also linked to the Hungarian company. According to a New York Times story, Israeli intelligence created an entire supply chain of shell companies to source, make and deliver these pagers to Hezbollah.
This pager attack demonstrates that supply chains are vulnerable. And so are devices we use on a daily basis. Phones, cars, thermostats, even refrigerators and washing machines, relying on complex global supply chains, can be turned into deadly weapons. But how can the global supply chains, which have served us well in reducing costs the past few decades, be compromised?
Interference could take place at many points along the chain. Components can be compromised at suppliers, which are mostly overseas. Then assembly of the product often takes place in another plant in another country, with new vulnerabilities for manipulation. There could be opportunities for interception after production, during the warehousing and distribution of the finished product. Finally, cargo security has long been an issue in some countries, and interception is a possibility during the transportation of the components or the finished product between facilities. So many parties play a role in this opaque and often extended web of companies, creating vulnerabilities in global supply chains.
Should businesses stop sourcing globally? How can technology and manufacturing companies minimize the risk?
Global sourcing can continue, but companies should have visibility in the supply chain to reduce risks. A supply chain mapping exercise may be timely. Due diligence in vetting new suppliers is a must. Also, current suppliers should be inspected regularly to make sure work is not subcontracted to other companies. These steps are essential to identify unusual activities and mitigate threats early. For example, a visit by the Lebanese to the Budapest office address of BAC Consulting might have raised red flags as the Hungarian company had no physical presence at the address.
As strategic sourcing takes time and resources, companies may want to streamline their supply base and work with fewer suppliers to allow for closer management. The Kraljic matrix – a method used to segment the purchases or suppliers of a company – may be employed to identify the strategically important ones.
The location of those strategic suppliers is also important. The U.S.-China trade war has accelerated the reshoring, nearshoring and friendly shoring trends. Domestic sourcing or sourcing from geopolitically friendly countries may reduce the risks of interception along the supply chain. The sourcing strategy should not only consider total purchase costs but also factor in geopolitical risks and supply chain security risks.
Risk assessment frameworks need to be more comprehensive.
What we saw in Lebanon was not only a physical supply chain attack but a more complex cyber physical attack. In addition to the explosives embedded in the circuitry of the pagers, malware was probably inserted into the pagers’ software to remotely trigger detonation. Hence, the role of cybersecurity remains elevated in supply chain security.
The federal government could allocate some funds from the CHIPS [Creating Helpful Incentives to Produce Semiconductors] and Science Act to further study supply chain security, particularly in the semiconductors and electronics industries.
We woke up to a brave new world in which our communication devices and durable consumer goods can potentially be turned into weapons against us by our adversaries, just like in a science fiction movie. The vulnerabilities in manufacturing and information technology supply chains worldwide can no longer be overlooked.
Koray Özpolat is a professor of supply chain management at the University of Rhode Island College of Business.