RedLock CISO: China Chip Hack May Be Just The Beginning

Oct 04, 2018 · 27 min

Episode description

Matt Chiodi, Chief Information Security Officer at RedLock, on China's hack into U.S. companies, and what companies should be doing. Edward Hertzman, Founder and President of Sourcing Journal, on the impact of tariffs on textiles and the supply chain, and how Amazon is changing the apparel landscape. Jeremy Keehn, Bloomberg editor, on China using a tiny chip in a hack that infiltrated US companies, including Apple and Amazon. Justin Gover, CEO of GW Pharmaceuticals, on their FDA-approved cannabis drug Epidiolex receiving the lowest drug restriction by the DEA, and what's next in the company pipeline.


Transcript

Speaker 1

Welcome to the Bloomberg P&L Podcast. I'm Pimm Fox, along with my co-host Lisa Abramowicz. Each day we bring you the most important, noteworthy, and useful interviews for you and your money, whether you're at the grocery store or the trading floor. Find the Bloomberg P&L Podcast on Apple Podcasts, SoundCloud, and Bloomberg.com.

Vice President Pence has been speaking at the Hudson Institute in Washington, D.C. Among his comments, he said that Chinese security agencies have masterminded the wholesale theft of American technology, including cutting-edge military blueprints. Of course, this is incredibly relevant, especially in light of the blockbuster Bloomberg Businessweek story that just came out talking about a microchip implanted in computer motherboards that were used in everything from the Pentagon to Amazon to Google. Joining us now is Matt Chiodi, vice president, chief information security officer at RedLock in Philadelphia. Matt, I want to just start with that story reported by Bloomberg Businessweek. Are you concerned, reading that, that China has gotten access to our biggest technology companies in the United States as well as potentially the military?

You know, absolutely. I think that this story right now, mind you, all of this is allegedly, reportedly. But if what is being reported is true, this could be very, very dangerous.

Why?

Well, it could be dangerous for a number of reasons, but number one, most of the time when we talk about cyber security, we're talking about software-based hacks. In this specific incident, we're talking about hardware. Hardware hacks are rarely ever talked about. It's usually just something that is talked about as being theoretical, something that could happen. If this did in fact happen, we need to remember that, allegedly, these chips are so small that they can barely be seen by the human eye. And what happens with these chips, allegedly, is that they allow code to be inserted into the operating system that's running on top of this hardware. This could let somebody do any number of things, including potentially exfiltrate data, or do other things perhaps far more nefarious.

Matt, as the Chief Information Security Officer of RedLock and previously the head of Cloud Security and Global Head of Cloud Security at Cognizant Technology Solutions, if you received a telephone call, an email, a communication from a client asking, "What should I do?", what would you say as a result of this revelation?

The first thing that we would advise them to do is to begin, start looking at, as part of their third-party risk management program, to ensure that they are actually looking at the security of the hardware. I have been in many different corporate security programs, and very, very few of them actually look at the security of the hardware. It's usually implicit trust, right? The chip comes from manufacturer X, I don't even look at it. I just trust that it will be there securely.

And just directly, how do you do this? How do you do it? I mean, do you actually take the box apart and look at the original design and match what's there with the original design?

Most corporate security programs do not have the technical resources to do this. What's been reported, especially back in, right, with Amazon Web Services that allegedly found this, they actually didn't even have the expertise. Allegedly, they sourced this out to a hardware security firm that found this. Right, and we need to give major kudos to AWS for finding this, if in fact this is true. Um, reportedly they were the only ones that found this, and then of course this went to other companies. But absolutely, if somebody called me today and they were asking what should we do, they need to immediately invoke a hardware security firm, because more than likely they do not have this expertise in house.

I guess one thing that I'm struck by is what don't we know as far as what's been hacked and what has already, um, you know, been infiltrated in some way or another. I mean, do you think that the sort of infiltration, not just by China but other foreign nations as well, into US tech is much broader than people could ever begin to imagine?

Well, you have to remember, right, I mean, we're talking about Supermicro, allegedly, right? This is the company that supposedly the People's Liberation Army of China supposedly infiltrated. They produce a great number of the world's motherboards, right? I mean, remember, motherboards, they're in everything, right, they're in everything from MRIs to special-purpose computers to weapons systems. We don't know at this time how many systems this actually got into, but if it did, we have got some very serious things to look at in the coming days.

What kinds of effort do you believe that the private sector has already implemented, if any, in order to work with the US government to prevent these kinds of infiltrations at this time?

I mean, from what I have seen, again, most corporate security programs really don't have much expertise when it comes to hardware security. I think what we're going to see in the coming days and months is that there will be probably an expansion, and I think just the public interest in this, because, you know, this goes very broad, right? Again, computers run everything these days, from voting machines, right, to mobile phones, et cetera. It's going to get very, very broad. And right now, you know, again, it's been reported that this is still part of an ongoing top secret probe. So we may not get a lot of answers now, but I can guarantee you in the coming days, this is something that's going to have a lot of attention, just like election security.

Matt, just real quick here, I'm wondering, do you think that the US has the capacity to generate, to produce some of the parts necessary and motherboards necessary for our computers?

I think we do. We definitely have the technology to do it. Now, again, we're talking about output, the ability to manufacture this. That could take a while for that to come online. But I think, you know, the other thing that's really important here, and I guess this just might be the bottom line for this: you need to remember, motherboards, these kind of chips, they're in everything from voting machines to mobile phones and MRIs. And again, this was only once talked about as being hypothetical, but now allegedly it's become a reality. So companies need to immediately step up their third-party risk management programs and to begin to really dig deeply into not only software development, but now hardware as well. I'm really sure that this is only the beginning.

Thank you very much for being with us. Matt Chiodi is the vice president and chief information security officer for RedLock. They are based in Philadelphia, and the topic is hacking and infiltration of hardware systems in the United States.

The topic is trade and the effect on the industry that brings you many of the products that you enjoy, such as shoes and

clothing and various apparel items. Because the final tariff list that President Donald Trump has put together along with his trade representative for China includes textiles and many of the products that are used in the United States that then go into various types of apparel. Here to help us understand the topic is Edward Hertzman. He is the founder and the president of Sourcing Journal. Edward, thanks very much for coming into the studio. Can you just describe for people the role that China plays currently in the supply chain for, let's say, the apparel industry?

Well, China has a huge role in the apparel and footwear industry here in America. Just to put it roughly into some numbers, about thirty three of apparel coming into this country is manufactured in China, and about fifty to sixty percent, the numbers could even be closer to seventy this year, of all footwear imported into America are coming out of China. Um, if twenty billion dollars of apparel came from China this past year, in two thousand and seventeen, uh, India, which is also a mega player in the market, uh, exported four point five billion into America. So that shows you how vast of a difference and how large of an advantage China has in this market.

So just before we get into some of the recent trade agreements that we've struck, I'm wondering, the tariffs that we've seen so far implemented, uh, particularly in this space on China, do you expect those to reduce the proportion of apparel and footwear that comes here from China?

Well, as it stands today, um, the majority of the tariffs that have been put into place are not affecting apparel and footwear. The concern that the industry has is that, um, the next round which he is threatening of two hundred seventy five billion, which would basically include all five million plus five hundred billion plus coming out of China, would have to include at that point apparel and footwear, and therefore, um, people are scrambling to figure out contingency plans. Um, the harsh reality here is, since China has so much market share and it's such a vertically integrated country, meaning that they not only sold the garments, they produced the fibers, the fabric, you know, the raw materials, it's gonna be very, very difficult for people to move in a short period of time, and even in a long period of time, to these outside countries, just because whether it's Vietnam or India, or Pakistan or Cambodia, they just don't have the capacity available to make up the market share that China has, and there's gonna be baked-in inflation into the system. So, well, as a rush to these countries, being that there's limited capacity, these countries are going to charge more money and therefore, whether it's China or another country, the prices are going to go up at the factory level.

In looking at things like air freight demand, global air freight, what is the trend right now?

Well, you know, speed to market has been top of mind for everyone right now. You know, we like to study models like Inditex, Zara, and what makes them so successful is their ability to get goods into the market very quickly, reduce inventory liability, get goods into the market quickly. That allows them to react if things are working, and if it's not working, their inventory liability is less, as it's not as, you know, it's not as large. So one of the trends that we're seeing is, while it's more expensive upfront, air allows us to react very quickly. We don't have to wait for a, you know, a twenty day boat to get stuff in. So we're seeing more of a trend as it applies to speed to market. Um, people are trying to utilize that as a means to get product in quicker.

All right, so let's get to the trade agreement that we recently struck with Mexico, the US and Canada. Uh, some people are saying there are aspects of it that are more free trade act, parts of it that are more protectionist. Where do you stand? What do you think the retail industry will stand when this all shakes out, will be in a better position or worse?

So, um, there's a pro and a con to this recent agreement. So it's now no longer NAFTA, it's the USMCA, the United States Mexico. I can't. I can't get this acronym down, USMCA. So United States, Mexico China agreement. I think that's, I think that's it. Um, on a high level, the positive is that it shows that Trump is not completely against global trade policy and global trade. So he is, you know, maybe the bark is a little bit bigger than the bite. He did not completely dismantle this agreement. But if we get into the nuances of it, um, there's a little bit that we have to realize here, is that he's changing some of the conditions of the agreement. So if you're manufacturing, and it's really going to impact auto and apparel the most. So if you're looking at the apparel industry, um, the sewing, thread, the pockets, the fabric all have to come from one of the countries that are part of this agreement. And if we look at Mexico, largely it's a CMT based country, a lot of the fabric or components may be imported in, stitched there and then sewn into America. So the question that a lot of people have is, well, how quickly can a country like this become vertical? How much of its, um, accessories and inputs are they getting from China? Um, so, how much will be business as usual and how much will be a scramble to figure out how to continue importing the goods into this country duty free?

In that same context, is it possible that Mexico has the technology, the workforce, and the infrastructure to, let's say, be a much bigger player in the footwear industry?

Well, yes, I mean, absolutely they have the workforce, they have the skill set. Um, a company like Flex, who works with Nike, has a factory there. You know, they're really leading the charge in some of the automation, um, in the footwear space. The question is not if, the question is when, and how quickly can these countries, um, position themselves to be a larger player. And if something happens in China, or if there is a larger impact with Mexico, um, there is going to be a period of time where there will be, uh, a lot of chaos happening, because nothing happens overnight in this industry.

I'd love to get your thoughts quickly on just in general, given President Trump's current positions on trade, imposing tariffs, and given the precedent that we have with this new agreement with North America, do you think that things are going to get substantially harder and more expensive for retailers just based on the supply chains?

Absolutely, there's no way around it. So, you know, there's not an anonymous agreement on this, but most of us believe that he will impose the balance two billion in tariffs, which therefore will impact all apparel and textile coming out of China. If that's the case, um, anywhere from, prices of goods, in order to maintain the current margin and retail, will have to go up ten to just to keep the status quo. Companies like, um, Walmart and Gap have already been public in saying that they're going to have to raise prices in order to, uh, you know, incorporate these increased tariffs, you know, especially for lower margin retailers and brands. There's no way around it.

Edward Hertzman, thank you so much for being with us.

Thank you.

Chinese hackers have implanted tiny microchips in servers that made their way into the data centers of some of

the world's biggest companies, including Amazon and Apple. It's all according to an investigation that was conducted by Bloomberg Businessweek, and it's important to note that in emailed statements, Amazon, Apple, and another company mentioned in this story, Supermicro, have disputed summaries of Bloomberg Businessweek's reporting. Here to tell us more about this story is Jeremy Keehn, Bloomberg editor. Jeremy, thank you very much for joining us. Can you maybe describe for our listeners the genesis of this story?

Certainly. Um, so Jordan Robertson and Michael Riley, who report on cybersecurity for us out of Washington, they, starting with the tip, they began researching the story, pursuing leads. They talked to, eventually the number reached into the triple figures, more than a hundred people they spoke to, and then a core group of about seventeen, um, people who gave us a window into the story.

So let's talk about what the actual issue is. There was a microchip that some of these big tech companies found in happenstance.

Yes.

Tell us about that.

Well, so, you know, most people, I think, are used to hearing about software hacking, where, you know, people use code to get data out of places. And this story is more about the technology supply chain and how, um, official sources tell us that they, um, that they were able to, at the factory level, get a small microchip into a server motherboard operated at plants that were subcontractors to an American company.

They being China. That China was able to sort of get this microchip into the motherboard.

Right. And then, people, this is a very, this company sells a lot of server motherboards. It goes into servers, and those go into data centers, um, for clouds, uh, in this case, a video streaming company was one of the ones that we focused on, um, and then into the data centers run by larger entities.

All right. Just to try to condense it, just at least from my mind. In Amazon was looking to take over a company called Elemental Technologies, and as part of the due diligence that they were doing to make this acquisition, they're based in Portland, this is Elemental, they had to ship some of the servers that the company used that was supplied by a company called Supermicro, or Super Micro Computer. They're based in San Jose. They take these servers, they shipped into a third party to do an investigation, and what they find on the board, on the motherboard here for these servers, is a chip that was not part of the original design.

Right, exactly, yes.

And what does this chip allow whoever put it there? In this case, we maintain, the Chinese. What does it allow you to do?

So I want to be clear that it's not that we're saying that there's evidence that user data was taken or anything like that, but what it does is it gives them deep level access to a computer. So at the level where, um, an administrator might be able to access the system, that's what you get. So it's possible that an attacker could get into a system without a password, look at different parts of the network, um, and that kind of thing.

Okay. But Amazon reported this, right? When they were looking to make this acquisition of Elemental and they found this out, they went, whoa, and they contacted the Department of Defense, right?

Right. And our reporting suggests, uh, they contacted the authorities. We don't know exactly, um, who it was in this. Um, they did, um, so that this one out, and the government already had some intelligence to suggest that this had been going to happen, and at the point that they learned that there had been a sighting, they began to investigate it more deeply, and we report on that.

All right. So just sort of to give a sense of what the implications here are, because this is actually massive, the idea that China systematically implanted chips in the hardware that ended up on computers from everywhere from the Pentagon to the biggest technology companies, where they could basically have a backdoor entrance to a lot of different computers, has huge and vast ranging implications. I'm just wondering, I mean, from what you were getting a sense of when you were talking with people, was this the reason why we're having trade tensions with China? Is this the reason why, you know, that the US government has been increasingly tense with the nation? What's going on here?

Well, our report shows that it's certainly something that's been of concern. We report that there was a, there were meetings that took place in, several years ago, at the high level, in which technology companies were asked, can we find a solution to this? Um, and no evidence that we've found one has emerged yet. Um, as to what's going on, you know, behind the scenes, uh, we don't know the extent to which it is a motivating factor, but we do report that it's a reason for their concern.

All right, Jeremy Keehn, thank you so much for being here. This is not going to be a one day thing, because the implications here are pretty substantial. We don't know whether China necessarily used this backdoor exit, I believe, to access any information, but it does have pretty broad implications for, uh, the supply chains that we have with China, where they make a lot of this technological equipment, as well as the ongoing tensions with respect to trade. Jeremy Keehn, thank you so much for being with us.

Jeremy Keehn is Bloomberg editor who was working on this story that was reported out over a year with interviews with hundreds, or actually more than a hundred, individuals. And Lisa Abramowicz, along with my co-host Pimm Fox, and this

is Bloomberg Markets.

We turn our attention now to GW Pharmaceuticals, and I want to introduce the chief executive, Justin Gover. And GW Pharmaceuticals is set to launch its cannabis drug after receiving a favorable drug classification review from the Drug Enforcement Agency. It has been previously approved by the US Food and Drug Administration. Justin Gover, thanks for being with us. Tell us about the schedule for the launch of this cannabis drug and what it's designed to do.

Well, thank you for having me on the show. So this drug is called Epidiolex. It's been approved by FDA for two forms of childhood onset epilepsy, so these are patients with seizures that have proven very difficult to control with existing anti-epileptic drugs. The drug, uh, contains a molecule called cannabidiol, or CBD, which is a part of the marijuana plant that does not make you high. And the product itself has been standardized and formulated to FDA standards to produce a medicine that can be prescribed by doctors, reimbursed by insurers, and so on. So that medicine was approved at the end of June. The DEA had three months after the end of June to put the product into a schedule. They did that about a week ago. Now, um, it's the lowest form of class restriction classification within the scheduling regulations, and the drug will be available on prescription in about a month or so.

How does the price of the drug compare with other anti-epileptic medications?

We've priced this medication such that it's in line with the other branded anti-epileptic drugs that these patients use. So, um, the philosophy behind that is, you know, we believe that obviously this is an innovation, a first in class therapy providing relief where other drugs have failed. But with all of that said, we've taken a pricing approach which is essentially to be in line with the care that these patients now receive.

Justin, you're also working on other types of therapies. Can you give us a hint of your pipeline?

Certainly. Well, at GW Pharmaceuticals, the company was founded actually twenty years ago with the sole focus of looking at cannabinoids, cannabinoids and molecules in the cannabis plant, as potential pharmaceutical products. So what I mean by that is not medical marijuana and not sort of unstandardized, unregulated oils, but actually science based solutions with formulations that have been manufactured appropriately and taken through the FDA process. So, in addition to epilepsy, our work so far suggests that cannabinoids have promise within the field of multiple sclerosis, within pain, within psychiatric disease, even oncology. So what we believe is that the approval and rescheduling of Epidiolex as the epilepsy medicine really opens up a brand new field for cannabinoids as therapeutics for the future. And, you know, we at GW see ourselves very much as leaders in the field worldwide and have real hopes now that a number of these future medications in different therapeutic areas can realistically become available as prescription medications in the future.

And Justin, definitely a lot of people are interested in the cannabinoid-based medications, but there obviously is a lot of interest in medical marijuana use, because people think that maybe it will have a direct tie to recreational use. And I'm wondering, is there anything that you've seen with respect to the study of marijuana and its potential effects that will make it more palatable for the FDA or the government to declassify it as an illegal drug?

Well, I think that the central approach and philosophy that underpins our research is that when it comes to treating patients who are sick, the appropriate way to do that, if at all possible, is through the utilization of prescription medications that have been approved by the FDA. After all, you know, that is what we are used to in our day to day lives. When we go to a physician, we expect to have a medication for which we understand the dosing, the safety profile, the efficacy and so on. So, you know, I think, um, the impact of medical marijuana and its impact on recreational use is a, is a parallel, uh, is a parallel discussion. And I think what the FDA made a point of saying, and the DEA reiterated it last week, was that when FDA approved Epidiolex, with specific medication, they were not approving marijuana. They were not approving even the molecule in various forms.

Yeah, Justin, Justin medication, Justin Gover. We have to leave it there, unfortunately. Really interesting. Justin Gover, Chief executive of GW Pharmaceuticals, based in California. Thank you so much for being with us.

Thanks for listening to the Bloomberg P&L podcast. You can subscribe and listen to interviews at Apple Podcasts, SoundCloud, or whatever podcast platform you prefer. I'm Pimm Fox. I'm on Twitter at Pimm Fox. I'm on Twitter at Lisa Abramowicz one. Before the podcast, you can always catch us worldwide on Bloomberg Radio.

Transcript source: Provided by creator in RSS feed: download file