A new form of warfare — the exploitation of supply chains to insert explosives into pagers and walkie talkies that killed at least 37 people in Lebanon this — underscores a mounting movement to lock down the global chain with blockchain, cybersecurity and other technology.
The attacks, which required months of planning and intelligence, has also raised concerns that weapons of mass destruction or other hazardous materials could potentially be smuggled or inserted through sophisticated supply chains.
Exploding handheld devices highlight significant risks posed by vulnerabilities in seemingly mundane technology such as supply chains at a time when defense sectors worldwide increasingly lean on international supply chains for technology, communications and critical infrastructure.
“You have the battery coming from one factory, you have the chipset coming from another and the other chips and the modems come in from elsewhere,” Oleg Brodt, head of R&D and Innovation for the Cybersecurity Research Center at Ben-Gurion University in Israel, told CBC. “We can look at every stage of the chain and think about who can get compromised.”
This week’s assault on Hezbollah, in which components were modified somewhere along the supply chain, is the most elaborate in a series of similar decades that date to Sept. 11, 2001, according to security experts.
Before 9-11, supply chain security focused on preventing theft and reducing the flow of contraband such as illegal drugs, stolen goods, and unauthorized immigrants.
But improvements in security since then have not covered synchronization, which remains a major gap. Seamless, secure trade depends on coordinated flow between several parties, and is dependent on promising but pricey technology such as smart containers, real-time monitoring systems, and automated checkpoints. This has left suppliers grappling with security and cost issues.
Consequently, two technologies have emerged as alternatives.
Blockchain offers another security layer, creating an immutable ledger to reduce counterfeiting and improve the ability to trace goods across global supply chains.
Cybersecurity is another safeguard in an increasingly interconnected web of organizational ecosystems.
Still, the scope and sophistication of this week’s hand-held exploding devices skirted the best cyber-defenses. Experts speculate the incident makes it difficult to pinpoint where the supply chain was compromised amid a multitude of potential points of entry.
“Tactically and operationally … along with the level of sophistication, tradescraft and professionalism involved — it’s unbelievable,” Assaf Orion, a retired Israeli brigadier general and defense strategist, told CBC.
Elijah J. Magnier, a Brussels-based military and senior political risk analyst, told The Associated Press that the blasts apparently were triggered by an error message sent to all the devices that caused them to vibrate, forcing the device’s owner to click the buttons to stop the vibration. He added the materials involved may have been RDX or PETN, highly explosive substances that can cause significant damage with as little as three to five grams.
The trademark of Taiwan pager manufacturer Gold Apollo has been identified on the remains of the exploded pagers, which appear to belong to the company’s AR-924 model. The company denied it made Hezbollah’s pagers and insisted only its logo was on the devices.
Instead, it says the pagers were built by BAC, a Hungarian company, through a licensing deal.
“The design and manufacturing of the products are entirely handled by BAC,” Gold Apollo said in a statement. “We only provide brand trademark authorization and have no involvement in the design manufacturing of this product.”
BAC has not replied to multiple media requests for comment.
Hezbollah reportedly acquired the pagers earlier this year when its leader, Hassan Nasrallah, ordered members to stop using cellphones because they could be easily intercepted and monitored by Israeli intelligence.
“In an increasingly uncertain geopolitical landscape and technologized world, companies in sensitive industries, especially technology, will need to be vigilant about the ability of both state and non-state actors to infiltrate their supply chains, which would have potentially damaging operational and reputational consequences,” Richard Gardiner, a strategic intelligence analyst at cybersecurity consultancy S-RM, said in an email.