Toy Story – The Supply Chain Edition

The Consumer Products Safety Improvement Act (CPSIA) will lead to a safer Christmas for children this year due to its tighter restrictions on the use of lead and phthalates in toys, games and youth apparel.  But were toys really that unsafe before the CPSIA regulation?  The roots of the law can be traced back to a series of high-profile product recalls in 2007 by leading toy manufacturers.  For example, in May 2007 approximately 1.5 million Thomas and Friends wooden toy train sets were recalled by RC2 Corporation due to the use of lead paint on the cars.  A few months later Mattel announced a voluntary recall of a group of Fisher Price toys due to a non-approved paint containing lead being used by its contract manufacturer.  Mattel conducted several subsequent recalls that ultimately totaled 1.5M toys worldwide.

Review of Cyber War

I recently completed Richard Clarke’s book Cyber War, which provides a fascinating primer on the issues surrounding cyber security in the US.  This book will change the way you think about China and probably escalate concerns you may have had about North Korea.  It is difficult to discuss cyber security without a political bent.  Whether you agree with all of Clarke’s conclusions or not, I think it is important to understand his point of view.  Below are three of the more terrifying concepts of the book, which may entice you to read the whole thing.

Could Cyber Security Concerns Reshape the High Tech Supply Chain?

The issues around cyber security and China continue to escalate.  On Wednesday, the US released its annual China Economic and Security Review report, which alleged that China Telecom re-routed traffic from the .mil and .gov domains for 18 minutes back in April.  An article in Information Week today stated that “The level of access afforded by such a diversion also could have enabled the firm to conduct surveillance on specific users or sites, disrupt a data transaction, prevent a user from connecting to a site or send data somewhere a user did not intend, according to the report.”  Beyond investigations, which have not been able to conclusively link the Chinese government to any of the security incidents, the US has already begun to restrict commercial activities of telecom equipment manufacturers such as Huawei and ZTE.  If the tensions around cyber security continue to escalate, I think it could have a dramatic impact on the high tech supply chain in coming years.

Hardware Trojans in the High Tech Supply Chain

You may be asking yourself – what is a Hardware Trojan?  In this case, I am not referring to contraceptives for hammers and screwdrivers, but rather a malicious modification of an integrated circuit on a router, switch or server.  In my last post, I discussed the decision by Sprint to exclude ZTE and Huawei from an upcoming government contract bid due to US national security concerns.  Cyber-intelligence professionals within the US are worried that the Chinese equipment could be manipulated to enable monitoring of sensitive government communications or to disrupt network-based communications in a time of national crisis.  There are numerous recent examples of hackers located in China originating denial-of-service (DoS) attacks, running massive spam campaigns or installing malware on foreign PCs.
