return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ FBI Cisco counterfeit investigation is live fire demonstration of failed supply chain oversight ]

FBI Cisco counterfeit investigation is live fire demonstration of failed supply chain oversight

  #

The recent bureau investigation outlined in FBI Criminal Investigation: Cisco Routers of counterfeit Cisco routers, switches, interface converters (GBIC), and WAN interface cards (WIC) is a long overdue spotlight on the failure to properly manage and assess critical supply chains. Two themes stand out:

  1. Validation of insufficient supply chain analysis at tier: From a supply chain analysis standpoint, the problem is worse that the FBI notes. If the tier 0 is the OEM or top level consumer as it is in the manufacturing sector, then the malicious entry is coming in at tier 4, not tier 3, as the "GSA IT Vendor" is the tier 1. The 'tier 3' to the tier 1 is thus a tier 4 to the OEM/top tier consumer and thus well below superficial oversight limits. Alternately, federal purchasing guidelines were so loose that malicious equipment could be effectively sanitized at tier 2 as noted in the eBay and federal credit card procurement paths. As noted in Foreign vulnerability inherent in US globalization of its commercial and defense supply chains, the lack of effective means and metrics had led to complacency and ignorance.
  2. Probably PLA participation at overt/covert subsidiary: From a motivation standpoint, this analyst believes that the question of "For profit or state sponsored?" is not an 'or' but an 'and,' i.e., both motives are cooperating within the People's Liberation Army (PLA) and have been for well over a decade.

Extensive supply chain 'undersight'

 

While there are many things of interest in FBI Criminal Investigation: Cisco Routers, these caught my eye.

 

Foil #10, "Sub-Contracting Process":

  • Material is coming in via a drop ship GSA vendor to a tier 3 sub, i.e., well below the tier 2 boundary and largely sanitized from the nominal tier 3.
  • The problem is worse that the FBI notes as if tier 0 is the OEM or top level consumer as it is in the manufacturing sector, then the entry is coming in at tier 4, not tier 3, as the "GSA IT Vendor" is the tier 1 and thus well below superficial oversight limits

Foils #13-14, "Directly from PRC" and "Through Foreign Country":

  • Material is sanitized through US and nominal friendly states which confer validation in the absence of investigation.

Foils #15-16, "eBay" and "Government Credit Card":

  • Material apparently bypasses all tracking as a discrete federal group uses their fed credit card or PayPal account to buy from eBay or non-GSA vendor.

Foils #22-23, "U.S. Navy Project":

  • Lockheed Martin is the tier 1, thus the material is again coming in at tier 4 from PRC, whereupon the tier 4 ships direct to the Navy.

Foil #48, "Intelligence Gap"

The scope of criminal activity by insurgent and terrorist groups is vastly underestimated by lay readers; It is as if operational money appears as Minerva from the head of Jupiter, if it is thought about at all. Terrorist organizations build criminal funding arms that have the real possibility of dwarfing the military mission, and in some cases, as I believe is happening in Northern Ireland, they become nearly pure criminal groups with a veneer of rhetoric. None are immune:

[The Red Brigades'] daily life was ruled by economics. Members of the organization spent most of their time raising money to carry out their violent attacks, to buy weapons, to rent new safe houses… The Red Brigades [often] sailed to Lebanon to pick up arms from the PLO. The weapons were them brought to Sardinia where other European groups, such as the IRA and ETA, came to collect their share of the cargo. For this service the Red Brigades received a fee. [To give an idea of the] money required by an armed organization to function, in the 1970s, the Red Brigades had a turnover of $8 to 10 million, equivalent to about $100 million today. This figure was equivalent to the turnover of a medium size Italian company. Generating such vast flow of money required constant attention and absorbed the bulk of the time of the full time members of the organization…

Napoleoni goes on to describe that 2003 market "has merged with the international illegal and criminal economy and together they have a turnover of $1.5 trillion dollars" allocated as:

  • $500 billions are capital flights, money which move from country to country undetected, unreported and illegally;
  • $500 billions is what is commonly known as the Gross Criminal Product, money generated primarily by criminal organizations;
  • $500 billions is the New Economy of Terror, money produced by terror organizations of which 1/3 is represented by legal businesses (which include charitable donations) and the rest comes from criminal activities, primarily drug trade and smugglings.

The bulk of the $1.5 trillion flows into Western economies, it gets recycled in the US and in Europe. It is a vital infusion of cash into these economies.

Tradition of simultaneously 'manning the trenches and the cash register'

As previously noted, "The CCP (Chinese Communist Party) can only maintain its "mandate from heaven" to govern by providing rising economic growth, nor can it maintain the PLA (People's Liberation Army) solely on the "imperial wheat" of government subsidy," thus the PLA was instructed to become largely self-sufficient.

From working notes in 2004:

Official position: Peoples' Liberation Army (PLA) relinquished all commercial investments other than "logistics" in 1999.  Highly visible, high-profile investments handed over.

 

Reality: PLA influence over the economy remains deep and widespread.  The 1999 deadline merely commenced the start of protracted negotiations on who gets what and how Beijing will compensate the military for the revenue lost by handing over its companies. [Includes current value of airlines, pharmaceutical firms, manufacturing and chemical plants, as well as their future revenue stream.]

 

PLA units used the divestiture to shift money-losing firms to local governments even as they kept the best for themselves, blocked audits that would reveal theft and corruption, moved assets into umbrella companies to hide ownership, and allowed departing military officers, their wives or relatives to take over "divested" firms.

 

By 2000 PLA still owned some 10,000 companies selling everything from toilet paper to telecommunications services [Per military analysts, diplomats and China watchers] vastly undervalued at $9.7 billion USD.

 

PLA has a long tradition of simultaneously manning the trenches and the cash register. [Army actions against the Japanese and the Nationalists before and after WW II relied on farming, factory work and other extracurricular activities to support guerrilla operations. Mao Tse-tung cited Ming and Qing dynasty precedents as justification.]

 

China lacks the financial resources to support the PLA solely on the "imperial wheat" of central government funding.

 

PLA's modernization efforts are posting even more aggressive financial demands, yet the Communist Party (CP) needs the PLA as the ultimate defender of its privileged position. Backlash over US-led NATO bombing of the Chinese Embassy in Belgrade [8 May 2000] reduced "pressure to close up shop" of extra-commercial activities.

 

Before 1978, the PLA's business focus was largely limited to production for its own use.  Deng's exhortation to the people to "get rich for the good of China" found fertile ground in the military.  The PLA used its tax-exempt status, warehouses, vehicles and border control to its advantage.  Resulting abuse of power undermined Communist Party credibility, embarrassed CP leadership, while private sector interests undermined military loyalty and left many soldiers with divided loyalties.  PLA greed during the 1997 Asian economic crisis pulled forward the timeline for military divestiture.  PLA was engaging in massive oil smuggling (almost bankrupting China's two state-run oil monopolies) using its border control, ships, warehouses, trucks, private gas pumps and storage tanks to operate the smuggling operation and arbitrage the price difference between dropping world oil prices and China's higher protected prices.  The CP was enraged, recognized the PLA as a corrupting force, and feared that the PLA could endanger CP legitimacy.]

 

July 30, 1998: Military officials in Beijing and analysts abroad believe it will be many years before there is more than "incremental" change in People's Liberation Army ownership of private businesses, the Wall Street Journal reports. Several PLA officials say that lucrative companies, many related to the acquisition and development of weapons systems and related technology, owned by the powerful Headquarters of the General Staff will be exempt from the new rules by the central government. Companies such as the five-star Palace Hotel in Beijing and China Poly Group, a weapons dealer and real estate firm, will keep their military ties.  The PLA is considered the world's biggest business empire. The WSJ cites the recent sale of a PLA-owned restaurant to a private entrepreneur. The new owner pays the PLA a $1,200 monthly fee to "rent" the restaurant's name. "The military stands behind everything we do," says an employee.

PROVENANCE: My notes are unclear on provenance. At the time, was reading Mulvenon and Yang's The People’s Army in the Information Age, notably Jencks' "COSTIND IS DEAD, LONG LIVE COSTIND! RESTRUCTURING CHINA'S DEFENSE SCIENTIFIC, TECHNICAL, AND INDUSTRIAL SECTOR"; Scobell's CHINESE ARMY BUILDING IN THE ERA OF JIANG ZEMIN; Mulvenon's Soldiers of Fortune; Mulvenon and Yang's The People's Liberation Army as Organization, Reference Volume v1.0, notably Finklestein's THE GENERAL STAFF DEPARTMENT OF THE CHINESE PEOPLE'S LIBERATION ARMY: ORGANIZATION, ROLES, & MISSIONS; Magnier's Chinese Military Still Embedded in the Economy; and French's China Moves Toward Another West: Central Asia. Apologies to any that were omitted.

F.B.I. Says the Military Had Bogus Computer Gear
By JOHN MARKOFF
New York Times
May 9, 2008

US, Canadian agencies seize counterfeit Cisco gear

Grant Gross

IDG

02.29.2008

 

FBI Criminal Investigation: Cisco Routers

Section Chief Raul Roldan

Supervisory Special Agent Inez Miyamoto

Intelligence Analyst Tini Leon

January 11, 2008

 

Managing the Risks of Counterfeiting in the Information Technology Industry

KPGM International

Electronics, Software & Services

2005

 

China Moves Toward Another West: Central Asia

By HOWARD W. FRENCH

New York Times

March 28, 2004

 

The New Economy of Terror
By Loretta Napoleoni, author of Modern Jihad: tracing the Dollars behind the Terror Networks
Sign of the Times (UK)

1 December 2003

 

The People's Liberation Army as Organization

Reference Volume v1.0

Ed: James C. Mulvenon, Andrew N. D. Yang

RAND

ISBN/EAN: 0-8330-3303-4

2002 

4. THE GENERAL STAFF DEPARTMENT OF THE CHINESE PEOPLE'S

LIBERATION ARMY: ORGANIZATION, ROLES, & MISSIONS, By David Finklestein

 

Soldiers of Fortune

by James C. Mulvenon

M.E. Sharpe

ISBN-10: 0765605805

November 2000

 

CHINESE ARMY BUILDING IN THE ERA OF JIANG ZEMIN

Andrew Scobell

Strategic Studies Institute, U.S. Army War College

ISBN 1-58487-030-3

August 2000

 

Chinese Military Still Embedded in the Economy

Mark Magnier

Los Angeles Times

January 9, 2000

 

The People’s Army in the Information Age

Ed: James Mulvenson and Richard H, Yang

RAND

CF-145-CAPP/AF

ISBN/EAN: 0-8330-2716-6

1999

5. “COSTIND IS DEAD, LONG LIVE COSTIND! RESTRUCTURING CHINA’S DEFENSE SCIENTIFIC, TECHNICAL, AND INDUSTRIAL SECTOR” by Harlan W. Jencks

 

Gordon Housworth



Cybersecurity Public  InfoT Public  Infrastructure Defense Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  

discussion

  discuss this article


<<  |  December 2019  |  >>
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
2930311234
567891011
view our rss feed