The Hidden Vulnerability: Sabotage and Exploitation in the Semiconductor Supply Chain and China's Role

In the digital age, semiconductors are far more than mere electronic components; they are the lifeblood of our modern civilization. From the smallest smartphone to the most advanced defense system, every technological innovation, every global connection, and every critical infrastructure inherently depends on these tiny yet incredibly powerful silicon "brains." Their strategic importance is such that it has triggered a genuine global race for technological supremacy, marked by colossal investments and escalating geopolitical tensions.

However, behind the apparent perfection and incredible complexity of these devices lies a deep and systemic vulnerability: their global supply chain. This intricate web of design, manufacturing, and assembly, stretching across continents and involving countless actors, presents fertile ground for sabotage, espionage, and exploitation. In this scenario, China's role is particularly significant and controversial, given its central position in several crucial production phases. The complexities of this chain and the specific threats that characterize it within this delicate technological and geopolitical balance represent an increasingly pressing challenge.

The crucial phases of chip production

The creation of a semiconductor is a complex and highly specialized process, articulated in several interconnected phases:

• 1. Design: This is the initial phase and holds the highest added value (approximately 50%). Here, the integrated circuits that will form the chip are conceived and drawn. It's the moment when human ingenuity and innovation translate into complex schematics.

• 2. Wafer fabrication ("front-end" production): This step takes place in highly advanced facilities called "fabs." It's an extremely complex process requiring the use of around 300 different chemical substances and more than 50 types of specialized production equipment. It comprises over 1,000 process steps and can last more than 12 weeks. During this phase, circuits are etched onto thin silicon discs, called wafers, in a hyper-controlled environment.

• 3. Assembly, test, and packaging ("back-end" production): This is the final phase, often referred to as APT. The individual integrated circuits, etched on the wafer, are cut ("diced") from the wafer itself. They then undergo rigorous testing to verify their functionality and are finally packaged. Packaging protects the chip from the external environment and allows it to be soldered into final products like smartphones or computers, transforming the wafer into a ready-to-use component.

  
  

The predominant role of China in back-end: a strength and a risk

China has consolidated its position in the semiconductor sector, particularly in the back-end production phase (assembly, test, and packaging). Over the past 15 years, this has become the phase of the process where China has gained the largest market share. Currently, the three main Chinese OSAT (Outsourced Semiconductor Assembly and Test) providers account for approximately 35% of the global market.

This dominant position, while crucial for global electronic device production, raises serious security concerns. Semiconductors are particularly vulnerable in these back-end phases, and this high geographical concentration amplifies the risk. It is here, in fact, that "hardware Trojans" can be inserted: malicious circuits almost impossible to detect through standard inspections or tests. These Trojans can compromise chip functionalities, disable security features, or create backdoors, paving the way for critical vulnerabilities.

The civil-military fusion and the National Intelligence Law (NIL)

The distinction between the commercial sector and government entities in China is increasingly blurred, making it difficult to discern where commerce ends and government begins. This fusion between China's military and civilian sectors highlights a worrying lack of clear separation between government, national strategies for military modernization, and the companies that implement and enable the success of such strategies.

A crucial factor supporting this argument is China's National Intelligence Law (NIL), adopted on June 27, 2017. This law establishes an explicit obligation for all Chinese organizations and citizens to cooperate with the government on security matters. The entry of any Chinese technology provider into a state's domestic market is therefore equivalent to authorizing an infiltration by Beijing.

Let's analyze some key articles of the NIL:

• Article 7: "All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with the law, and protect national intelligence work secrets of which they are aware." This imposes a universal duty to cooperate.

• Article 9: "The state confers commendations and awards upon individuals and organizations that make significant contributions to national intelligence efforts." This provides an additional incentive for cooperation.

• Article 12: "In accordance with relevant state provisions, national intelligence institutions may establish cooperative relationships with relevant individuals and organizations, and entrust them with carrying out related activities." Chinese companies and individuals can therefore receive direct assignments from national intelligence agencies.

• Article 14: "National intelligence institutions that lawfully carry out intelligence work may request that relevant organs, organizations, and citizens provide necessary support, assistance, and cooperation." These "requests" are actual legal obligations, as is evident from a combined reading of Articles 14 and 7.

The scope of the NIL is particularly concerning as it applies globally to Chinese groups. All subsidiaries, even those outside China, could be subject to it. Since the Chinese parent company is subject to the NIL, the latter could, from the perspective of public international law, also have jurisdiction over the group's foreign subsidiaries. Furthermore, the Chinese parent company has governance powers over foreign subsidiaries, which could enforce their compliance with the NIL. The NIL applies to all organizations in China, a term that seems to include all types of companies incorporated in China, regardless of ownership (private and public Chinese shareholders, as well as foreign shareholders). It also applies to all Chinese citizens, and since it does not appear to have an explicit geographical limitation, it could be interpreted as applicable to all Chinese citizens, even when residing outside China.

In such a context, all Chinese commercial actors become a potential extension of the Chinese Communist Party (CCP) abroad.

The global spread of technological risk and Western shortcomings

The near totality of technological device production makes the threat even more pervasive. With 90% of the world's phones and nearly 80% of its computers produced in China, the exploitation of these technological products represents a serious and widespread threat. This is not limited to military or government components but extends to every device we use daily, creating a potential entry point for large-scale cyberattacks or interceptions.

Despite these evident risks, Western countries have shown shortcomings in protecting their supply chains. A 2019 report by the Inspector General of the U.S. Department of Defense (DOD) highlighted that the United States had not developed adequate controls to prevent the purchase of commercial off-the-shelf (COTS) IT products with known cybersecurity risks. This lack of oversight potentially allows compromised hardware to infiltrate critical systems, endangering national security.

Companies utilizing back-end production in China

Many semiconductor companies, including American giants, have traditionally used and continue to use back-end production facilities in Asia, including China, for several reasons:

• Costs: Labor and operational costs in China have historically been lower compared to the United States or other high-cost nations.

• Capacity and Scalability: China has developed a vast infrastructure and capacity for assembly, testing, and packaging, making it an attractive partner for large-scale production.

• Logistics: Proximity to wafer fabs ("front-end" production), many of which are located in Asia, simplifies logistics and reduces shipping times.

Due to geopolitical tensions and supply chain security concerns, there is increasing pressure on American companies to reduce their reliance on China for all phases of chip production. However, this is a slow and costly process.

It is difficult to provide an exhaustive and constantly updated list of individual companies, as their supply chain strategies can evolve rapidly. However, American companies operating in the semiconductor sector, especially those producing high volumes of chips for a wide range of applications (from consumer devices to industrial electronics), have often used assembly and test services in China or other parts of Asia.

Some examples of companies with a significant presence in Asia for back-end operations, which might include China, have been:

• Qualcomm: A leader in mobile device chips, it relies on external foundries for production and third parties for assembly and testing.

• Broadcom: Another leading semiconductor company with a global supply chain.

• Texas Instruments (TI): While having significant in-house production capacity, TI also uses third parties for some production phases.

• Analog Devices (ADI): A company that produces analog and mixed-signal semiconductors.

It is important to emphasize that many of these companies are actively seeking to diversify their supply chains and reduce reliance on single regions, including China, due to political pressures and supply chain vulnerabilities highlighted by recent events. In summary, China has been a significant player in back-end operations for many American chip companies, but the landscape is rapidly changing due to geopolitical and security considerations.

Cases and specific concerns about Chinese semiconductors

Indications of possible vulnerabilities and sabotage related to Chinese semiconductors are diverse and complex:

• "Spy chips" allegations (Bloomberg Businessweek, 2018): A Bloomberg Businessweek investigation claimed that Chinese spies had planted tiny spy chips on the motherboards of Supermicro servers, used by major tech companies and the U.S. Department of Defense. Although the companies involved (Amazon, Apple, Supermicro) strongly denied these accusations, the case generated widespread discussion and brought supply chain security into the spotlight.

• Vulnerabilities in Chinese microcontrollers: Security researchers have reported the presence of undocumented commands in the firmware of low-cost Chinese microcontrollers. While not true "backdoors" for direct remote access, these commands could allow chip manipulation or malicious code execution in the presence of physical access or specific conditions. This raises questions about the possibility of altering these chips at a later stage.

• Concerns and Lenovo cases: There have been several reports and concerns regarding Lenovo products used by U.S. government and military entities. The U.S. State Department banned Lenovo systems from its classified network in 2006. In 2008, for example, the Marine Corps in Iraq reportedly discovered that Lenovo laptops contained hidden chips on the motherboard that recorded entered data and transmitted it to China. This was considered a serious security breach and allegedly led to the Marines discontinuing the use of Lenovo products. This was not an isolated incident: in 2015, the U.S. Navy replaced IBM servers, valued at $378 million, after Lenovo acquired them, fearing that China could access sensitive data on U.S. ballistic missile technology. The Air Force was also forced to ask Raytheon to remove and replace IBM hardware after Lenovo's acquisition, and in 2016, it decided to abandon Lenovo routers. The Department of Defense has also taken further measures to prevent the use of such products in its systems. In 2019, the Office of the Inspector General of the Department of Defense published an audit concerning the purchase of commercial off-the-shelf (COTS) products and their national security implications, making explicit reference to the purchase of Lenovo laptops. The report called these products "known cybersecurity risks" and mentioned persistent vulnerabilities in Chinese technology, including the controversial Superfish software pre-installed on Lenovo laptops sold in the U.S. in 2014. This software, presented as an advertising targeting tool, actually acted as an information aggregator to identify user trends, track credentials, and funnel related data to storage centers in mainland China.

• General alerts and intelligence reports: Strategic documents from the People's Liberation Army (PLA) and expert analyses clearly indicate that China considers exploiting supply chains and inserting physical "backdoors" a legitimate tactic of warfare and espionage. This makes the concern about Chinese semiconductors not just a hypothesis, but a declared strategy.

• China's ban on foreign chips: It is interesting to note that China itself has banned the purchase of chips from foreign companies (such as Micron Technology from the U.S.) for its critical infrastructure, citing "national security risks." This shows that the concept of supply chain risk is a mutual concern, even if the motivations and transparency may differ.

  
  

Towards greater resilience and the role of alliances

The growing awareness of these vulnerabilities prompts a rethinking of supply strategies. It is fundamental to invest in:

• Diversification of supply chains: Reducing dependence on a single region for critical production phases. The global distribution of chip production in countries friendly to the United States is an advantage. The numerous segments of the semiconductor supply chain, from materials to design, manufacturing, packaging, and testing, create opportunities for multinational cooperation. Not all segments need to be in the same country.

• Increased transparency and traceability: Implementing more robust mechanisms to track components from their origin to the final product.

• Development of advanced verification capabilities: Improving testing techniques to detect hardware Trojans and other forms of sabotage.

• International cooperation: Sharing intelligence and best practices among allied countries to mitigate common risks.

For many experts, the push for self-sufficiency in the United States and Europe will impose serious efficiency costs and could lead to the loss of a key advantage over China: partnerships already built on solid commercial foundations and shared political values based on the rule of law and democracy. Reshoring also contrasts with a fundamental change in how chips are produced: the success of the "fabless and foundry" production model. Fabless means that a company designs and markets chips but outsources their production to third parties. The foundry bears the financial burden of maintaining state-of-the-art factories. This is a commercially viable alternative used by many leading technology companies. TSMC holds a 50% share in the fabless market; however, its proximity to China, which regularly threatens to invade and absorb Taipei, creates a potential security risk. The greatest geopolitical vulnerability in this global sector, therefore, is Taiwan. The island, after decades of investment, dominates the production of the most advanced chips but faces greater risks from an increasingly belligerent China that habitually threatens to occupy it. This contributes to uncertainty, making it inappropriate to leave a single nation a dominant role in a key sector. For experts, one of the most immediate threats to global security is a potential occupation of Taiwan by Beijing, either by military force or by regulatory measures. Controlling the island means dominating the global semiconductor and electronics industry, which translates into almost absolute control over the world.

The threat of sabotage in the semiconductor supply chain, exacerbated by Chinese policies and civil-military fusion, is real and complex. Addressing it requires a strategic and multi-faceted approach, moving beyond mere awareness of the problem to build a more secure and resilient global supply chain.