Five Developments in ICT Supply Chain Security in October

Much like the mosquito population in D.C., the global supply chain shortage has stuck around for far too long. Is it too much to ask to not be eaten alive by bugs after Halloween?

Without further complaint, here’s what happened in the ICT supply chain this past month.

 

 1. One if by land, two if by sea, three if by large-scale cyber-espionage campaign. 

Last week, Microsoft announced that it detected an effort by a Russian intelligence-affiliated hacker group to launch a supply-chain hack against a number of European and U.S. service providers.

The event harkens back to the SolarWinds breach discovered in December 2020, but is different in at least one important way: this time, the campaign was apparently caught much earlier, thus preventing the type of broad and sustained access into endpoint user systems that was achieved in SolarWinds.

The takeaways here are pretty straightforward:

1) All companies are a target. Too many companies think they’re not important enough to be the victim of a hack. But that logic breaks down pretty quickly if you analogize to the example of locking your doors at night: sure, you may not store the Crown Jewels in your living room, but you still don’t want people wandering around inside at 2am. And in a supply chain hack, your vulnerabilities become others’ vulnerabilities.

2) The basics of cyber hygiene are likely still not being implemented by many affected companies. That’s part of the reason why legislators and regulators are hard at work to advance new compliance and security measures like a Software Bill of Materials and reporting requirements for companies impacted by cyber incidents.

3) We’re still bickering over nomenclature—is it a hack? A cyberattack? Routine espionage? Does routine espionage at this scale escalate severity? The real point is that President Joe Biden’s efforts to punish Russiafor the SolarWinds hack don’t appear to have had much impact in preventing future ones.

2. “Why don’t you recognize I’m so rare?”

Rare earth elements (REEs) are in the spotlight. The group is composed of a bunch of metals you may not have never heard of—including Dysprosium, Ytterbium and Praseodymium—but they’re critical components in everything from computers to electric vehicles.

Like all good things, the current supply of REEs is limited. While there’s actually a healthy amount of REEs distributed around the globe, they’re relatively hard to extract and process. And what country dominates the mining and processing of REEs? You guessed it: China, which currently has a 60 percent slice of the global production pie. The United States is third with 15 percent.

China wants to keep it that way, and is maneuvering to shore up its elemental dominance. They recently announcedthe “restructuring” of three state REE companies to make one behemoth firm in a move seen as intended to increase government control over the industry.

This joint union may have been partly why the Pentagon recently called for more domestic rare earth mining and for allies to join them. But will this be enough to tangibly counter China’s already powerful position in the sector? After all, it’s not like the United States can just start mining overnight: as CleanTechnica points out, there’s a host of issues to iron out like miner safety, health codes and environmental regulation before we ramp up efforts.

For more: the demand for electric vehicles and other green technologies is driving up the need for REEs even more. Check out this emerging planet-friendly extraction method for REEs that experts are saying could help bolster U.S. supply.

3. The Global Supply Chain Crisis (or is it?) 

A recent Bloomberg newsletter interrogated some of the basic assumptions around supply chain disruption, stating “The Global Supply Chain Crisis is Neither Global Nor About Supply. Discuss.” University flashbacks, anyone?

The newsletter cites Bloomberg opinion columnist Karl Smith, who argues that the problem is less of supply chain disruption and more of demand overload; less of a global apocalypse and more of a U.S. glitch. Smith more or less argues that this is a passing problem that doesn’t require rushed government solutions by the Federal Reserve.

That said, buzzwords don’t change the fact that events on the ground aren’t fun.  Ports are backed up; Europe is turning to trucks to get its Chinese goods; and Apple is facing challenges to its production. So an international, complex problem is there. Some hypothesize that the worst is behind us. Others lay out a multi-pronged approach to smooth out the chain. But whether it’s a cocktail of solutions, riding it out, or a combination of both, it might be worth heeding advice on getting holiday shopping done early.

For more: the Bureau of Security and Industry held  a virtual forum on October 29 to discuss the ICT industrial base. Comments to its Risks in the Information Communications Technology Supply Chain are due soon, on November 4. And from the Boston Business Journal: Supply chain risk – It’s the moment of truth. 

4. What exactly is a semiconductor chip?

Inquiring minds want to know, so here’s a rapid-fire primer:

• Semiconductor chips (also called microchips, integrated circuits or just chips) are “packages with electronic connections to various devices built into [them] and used in most electronic devices.”

• Semiconductors are the group of elements on the periodic table that display features of both metals (electricity-conducting) and nonmetals (non-electricity-conducting). Chips are made from a semiconductor base, and the most common by far of these is silicon. Here’s a short introduction to the centrality of silicon.

• Onto the surface of the chip’s silicon wafer are etched various components that direct electricity across the chip in different ways: transistors that manipulate electric signals; resistors that control electric current; and capacitors that store electricity. Here’s a background on photolithography—the technology used to create the most sophisticated chips out there.

• Because semiconductor chips are used for a variety of applications, they are specially designed to meet certain needs. Roughly, memory chips store data. Microprocessors or “logic” chips perform tasks. ASML has your back if you want more details.

• Generally, the more advanced the chip, the smaller it is. This is because, for the last 50 years, the number of transistors that can fit on a single chip has doubled every two years (Moore’s Law), enabling the chips to get smaller and smaller while maintaining or increasing computing power. Alas, as you’ve likely heard, this rapid level of innovation is slowing. Here’s more on Moore. And here’s a piece defining a future beyond Moore’s Law.

• The most cutting-edge chips scaled for production today are 3nm chips—so called not for the size of the silicon wafer but for how densely packed the transistors are on top of the chip. Note that 2nm and even 1nm chips are in the works. Of course, older models of chips still have value—they’re just used for less sophisticated applications and are much cheaper, but are still critical to the mass production of technologies today.

5. Biden gets talkative on the supply chain.

President Biden’s got the supply chain on his mind.

• October 13, 2021: Remarks by President Biden on Efforts to Address Global Transportation Supply Chain Bottlenecks.

• October 31, 2021: Remarks by President Biden at Global Summit on Supply Chain Resilience.

Worth the read: TSMC founder chides U.S. plan for full chip supply chain onshore

That’s all for now—And happy belated Halloween!

 From Foxtrot: