Supply Chain Security in 2021

By The MacroFab Team  |  March 30, 2021

When the Supermicro story broke a year ago, the electronics world was split into two – people who believed the story was true and those who deemed it too fantastical to be reasonable. A second story appeared a month ago and promptly got lost in the shuffle with a global pandemic, GameStop, Bitcoin, NFT mania, an electronics parts shortage, and a massive SolarWinds hack, which kept the news reporters occupied.

A good portion of people who participated in the Supermicro debate initially dismissed the claims, but whether the Supermicro story is real doesn’t matter. Not really. Even though some of the technical feasibility analysis was exceptional, it misses the point.

The real impact of the Supermicro story isn’t whether the attack was real or plausible, it’s that the story exists in the first place. This isn’t a government employee who got drunk at a conference and told tall tales. There are multiple government sources, and the story has now run twice in Bloomberg. Someone wants us to pay attention.

Here’s what most people are missing about the way the intelligence and counter-espionage world works – sometimes the government wants to tell us something to change our behavior, but can’t risk blowing sources and methods, which would expose ongoing operations. This means that the Supermicro story may be true or may be a plant in the media. The real question is – why spend so much time and effort planting the story to begin with?

The answer is – because these attacks against our supply chain are already happening. When this many government sources tell a coordinated story, the intended outcome is that we collectively start paying attention to how we go about our day-to-day business. Because by the time the real stories hit the newswire, it will be too late.

Some examples to illustrate. In 2016 we became aware of an extremely complex attack, which compromised the microcode on a hard drive in a way that would have been entirely undetectable. It was perfect and the most stunning thing about it was – it actually happened in 2008. By the time we read about it, the intelligence officers who ran the operation had long received their promotions and moved on to other projects. Same with one of the most audacious cybersecurity attacks where Iranian nuclear refining facilities were disrupted for many months by destroying the centrifuges. The level of planning to stage highly specialized Siemens equipment in a lab must have been staggering, but the attack was real. And the list goes on. When the Snowden revelations came to light, we collectively got to see in 2014 the attacks which were executed 10 years prior, including the tapping of underwater fiber-optic cables using submarines. Yes, someone went to the trouble of running that op.

What does it have to do with Supermicro? If you dismissed the story as incredible, you’re likely taking things too literally. The real question is – did you change your operations to prevent a Supermicro-like attack against your supply chain?

For the vast majority of people, the answer is no. Prototypes for industrial automation projects, not to mention more critical applications, are routinely done in China, which provides a convenient point for someone to do target selection. These same designs are then thrown over the wall to supply chain teams that place the manufacturing orders with the lowest bidders in factories all over the world with no regard for security or IP protection. Supply chain security – for the real, physical supply chain, not software libraries used in the SolarWinds hack – is incredibly difficult. And we’re exposed.

That’s the real point of the Supermicro story, and we’d better be listening, or someday you’ll be reading about yourself in the headlines. That’s just how it works.
