Barely a week after booby-trapped pagers killed dozens of people and wounded about 3,000, mostly operatives of an attack anti-Israel militant group Hezbollah, in Lebanon, the US Commerce Department is considering banning Chinese software and hardware in connected and autonomous vehicles on American roads due to national security concerns, sources have told Reuters.

“You can imagine the most catastrophic outcome theoretically if you had a couple million cars on the road and the software were disabled,” Commerce Secretary Gina Raimondo has said, highlighting the risks of Chinese software or hardware in connected US.

The proposed regulation would ban the import and sale of vehicles from China with key communications or automated driving system software or hardware, the sources told Reuters.

Nearly all newer vehicles on U.S. roads are considered “connected.” Such vehicles have onboard network hardware that allows internet access, allowing them to share data with devices both inside and outside the vehicle. A bipartisan group of US lawmakers in November raised alarm about Chinese auto and tech companies collecting and handling sensitive data while testing autonomous vehicles in the US. President Joe Biden had ordered in February a probe into security risks posed by Chinese vehicle imports.

A British media report claimed last year that concerns over Chinese spyware prompted intelligence officials in the UK to strip back government and diplomatic vehicles, leading to the discovery of at least one SIM card capable of transmitting location data. The report claimed the device had been placed inside a sealed part imported from a Chinese supplier.

After pager blasts, the concern is not just spying through electronic devices but more dangerous disruption, if not bombing, through remote manipulation such as disabling of connected cars and triggering a traffic catastrophe.

The supply chain warfare

Pager blasts in Lebanon, blamed in Israel by Hezbollah, have brought to light the threat of supply chain warfare. As per an NYT report, Israel inserted explosives into pagers made by a Taiwanese firm, Gold Apollo. There were stickers and symbols of the company’s logo on the blasted pieces, according to reports. However, Gold Apollo has claimed that it pagers were manufactured by Budapest-based BAC Consulting which had the proprietary right to use Gold Apollo logo. However, Hungarian authorities said the company is a trading intermediary, without any manufacturing operations in the country.Global electronics supply chains supply chains often run through a maze of contractors and sub-contractors and components suppliers spread over several countries. China has an outsized role these supply chains as it supplies the most electronics to the world.

Huawei, the Shenzhen-based Chinese telecom company, has for several years been at the centre of an intense technological rivalry between Beijing and Washington, with US officials warning its equipment could be used to spy on behalf of Chinese authorities, allegations that China has denied.

Michael Watt, a supply chain expert with the business risk consultancy firm Kroll, told Washington Post that governments may begin to increase inspections of shipments of consumer goods going in and out of their ports. “This should be very much a wake-up call for national governments to consider any gaps in their own customs controls,” Watt said. But the complex web of international trade underpinning the electronics industry depends on the fact that most items cross borders with little scrutiny. “That would lead to additional bottleneck of supply chains if all goods need to be additionally inspected,” Watt added.

Rep. Jim Himes (D-Conn.), ranking member of the House Intelligence Committee, told Politico he expected companies to be reevaluating the security of their global operations. “It does certainly point to the risks associated with supply chains,” Himes said. “I would imagine there’s a lot of warehouse managers today, and you know, cargo ship owners who are doing a little bit of thinking about the security of their facilities.”

“This incident is very unique, but it highlights the vulnerabilities that the US and its allies accept by having so many of their hardware and software supply chains emanating from countries of concern, particularly China,” Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense for Democracies, told Politico. “While this explosive device is an extreme outcome, it’s easy to envision malicious cyber payloads being inserted in hardware or software for later activation.”

Pagers ring an alarm within China too

Even as the US has become wary of imported Chinese electronics, China too could be worried about weaponisation of electronic products. Muhammad Faizal Abdul Rahman, a research fellow at the S Rajaratnam School of International Studies in Singapore, told South China Morning Post that mainland China would possibly view electronic and communications products made by the US and its allies – including Taiwan – with greater suspicion.

“There could be hawkish elements in China who assume that Taiwan, as a close ally of the US who in turn is a close ally of Israel, is somehow complicit in this cloak and dagger operation. China might cast an even more wary eye on other Taiwanese industries,” he said.

“At the strategic level, it suggests that military and intelligence agencies of major powers and their powerful allies could exploit or weaponise global supply chains to pre-position tools of asymmetric warfare that would be activated during times of conflict or when the objectives of war changes.”

One of the most detailed cases of supply-chain warfare publicly known surfaced in 2014, via documents leaked by former National Security Agency contractor Edward Snowden, Washington Post has reported. They described a secret warehouse where NSA workers intercepted electronic devices shipped from US networking supplier Cisco Systems, without the company’s knowledge. Documents and photos indicated that the workers carefully opened the boxes, implanted surveillance devices into the products, and sent them onward to the unsuspecting overseas customers, as per the WP report.

(With inputs from agencies)