Co-Founder and CEO of The Chertoff Group Chad Sweet visited with the hosts of CNBC Power Lunch on Friday about the supply chain attack by Israel on Hezbollah using common electronics, pagers and two-way radios.
What happened?
Two waves of deadly blasts targeting Hezbollah hit Lebanon this week, as pagers and hand-held radios were covertly turned into explosive devices and blew up across the country, killing at least 37 people, wounding more than 3,000 others.
According to news reports, the Israeli military neither claimed nor denied responsibility for the pager explosions, and it did not immediately respond to a request for comment on the latest attack.
Indications are that the Israeli’s were able to infiltrate the supply chain by targeting primary and then secondary lines of communication. Beyond the physical harm to Hezbollah members and civilians, these attacks have likely overwhelmed local hospitals.
What can we learn from this?
While this attack appears to be state sponsored, it highlights the need for companies to understand their supply chains, build in resilience and develop strategies to mitigate risk. Companies need to have standards for vetting suppliers and ensuring they are legitimate vendors.
The immediate attack also illuminates the concern about hiding explosives in small electronic devices. This is reminiscent of the 2017 portable electronic device plot targeting aviation. Security agencies around the world will need to re-examine their screening procedures for different venues, to re-consider their posture against small explosive devices hidden in this way. X-ray technology and explosive trace detection will continue to be important – identifying sinister devices of this nature goes beyond a handheld metal detector.
What does this mean?
While terrorists have a history of using laptops, iPads, and cell phones as part of their tradecraft, this has a psychological impact and takes electronic sabotage to new and frightening heights. The mass scale detonation of explosives on so many devices at once is new.
As stated in the New York Times, “Our sense of vulnerability about how everyday implements connected to the internet can become deadly weapons may be just beginning.”
Could our adversaries attack the US using more modern devices like cell phones?
An attack at scale like this would be difficult. However, given the ease with which individuals can buy and sell bulk merchandise online under current e-commerce models, modifying and re-selling simpler technological products could facilitate a similar attack pathway—but likely not at the scale.
It is worth noting that this required a state-level actor to orchestrate and is probably one of the greatest intelligence operations of our generation. A similar attack in the US, targeting thousands of individuals and/or devices at the same time, would require that level of sophistication – or more – and given the complexity of the US technology supply chain, is very unlikely.
This is why membership in programs like C-TPAT (Customs-Trade Partnership Against Terrorism) matter. The US government relies on partnership with industry to deter, detect, and disrupt terrorism subversion of supply chains. This incident – the fear of copycats or retribution – and the general heightened terrorism threat underscore the importance of these programs. In many cases, importers and manufacturers are the first line of defense.
The Chertoff Group helps Fortune 500 companies close vulnerabilities and secure global supply chains. Learn More.
