Russian Software Pushwoosh Highlights Need for Vigilance on Foreign Ownership Risks in Supply Chain – Interos

By Interos Labs (Andrea Little Limbago & Joshua Clarke)

This week’s disclosure of a Russian firm masquerading as an American company highlights yet again the potential security concerns hidden within software supply chains.

The company, Pushwoosh, provides coding language and data processing for companies building software applications. Its code allows software developers to track and profile app users to customize the notifications they receive.

While Reuters’ exclusive story noted Pushwoosh’s integration with the Centers for Disease Control and Prevention (CDC), that agency was far from alone. Interos’ own analysis has identified additional industries and countries most at-risk of exposure to Pushwoosh code and potential data breaches.

We have also noted some of the tell-tale signs that organizations need to be on alert for regarding company ownership and location.

Pushwoosh and the Digital Supply Chain

At a time of growing concern over the national security threats within the information and telecommunications (ITC) supply chain, the Pushwoosh revelations are yet another reminder of the challenges and complexity of modern digital supply chains. Following on from last year’s investigations into JetBrains, a software company founded by three Russian engineers based in the Czech Republic, the Pushwoosh revelations have sparked similar concerns over foreign ownership risks.

They are also the latest reminder of the challenges and complexity of modern digital supply chains.

Pushwoosh is integrated with thousands of applications in major app stores and includes tracking software that allows Pushwoosh to collect sensitive Personally Identifiable Information (PII).

Depending on the application, the PII includes precise geolocation and health history information, “which could allow for invasive tracking at scale”, according to an expert quoted in the Reuters story.

Pushwoosh claims to be a Maryland-based company, but Russian filings list it in Novosibirsk, Russia. Instead of revealing its Russian location, Pushwoosh has previously listed under California and Washington, D.C. area addresses.

This deception not only masked the foreign ownership risk, but — considering Russian data collection policies — also put customer data at risk of seizure by Russian security services.

Hiding in Plain Sight?

Based on our analysis of Pushwoosh’s presence within global supply chains, we identified the top 10 industries and countries affected (see table).

Top 10 Industries and Countries for Pushwoosh Customers

Table identifying top ten industries and countries exposed to Pushwoosh.

While US software firms had the greatest single country-industry exposure, the prevalence may be much more limited in comparison to other supply chain vulnerabilities, such as Log4J.

Nevertheless, among those identified are several European industrial firms, a major US publisher, a cybersecurity company and Ukrainian telecom and transportation providers.

Pushwoosh has a breadth of Russian connections, including relationships with the following entities, some of which are on US restrictions and prohibitions lists:

  • TNT (Russian TV station, parent company Gazprom)
  • Ozon (aka the “Amazon of Russia”)
  • Rambler Media
  • Yandex
  • Mail.ru Group Limited

Pushwoosh’s significant footprint and integration across restricted and/or highly influential Russian companies should have been an early indicator of risk that warranted additional investigation of foreign influence.

Moreover, when looking into a range of open-source activity, it becomes clear that major Pushwoosh contributors have strong Russian connections or are Russian themselves. This underlines the growing importance of the Software Bill of Materials (SBOM), which not only is a security risk but will be a compliance risk as federal regulations continue to address SBOM requirements.

Gaining Visibility Across Your Supply Chain

This latest example of digital supply chain vulnerability comes on the back of a year of high-profile discoveries. Pushwoosh reflects the digital supply chain risks that can emerge from untrusted technologies within a company’s ecosystem.

Importantly, this is a case of a vendor deemed trustworthy, and so it remained off the radar until the recent exposure. The movement toward trusted networks was already well underway; Pushwoosh will likely reinforce the message that additional due diligence of ICT vendors is necessary.

At Interos, we provide the visibility into your extended supply chain, including identifying sanctioned foreign companies and their supply chain partnerships. We recommend reviewing your own extended supply chain to confirm whether Pushwoosh is present. Very often untrusted vendors are not in the first tier but rather are hidden in the second tier, third tier,

If you are concerned about the presence of Pushwoosh in your digital supply chain – or want to increase the resilience and visibility of your entire supply chain – contact Interos here.

Freight Railroad Strikes & The Supply Chain – Interos

By Alberto Coria, Operational Resilience Consultant

A pending freight railroad strike on December 4th — driven largely by railroad companies’ refusal to grant workers dedicated sick leave — could shut down most major U.S. railroads and upend supply chains across industries. 

Based on Interos’ unique supply chain analysis of the railroad supply chain, the most-affected industries are likely to be the automobile, chemical, energy, and agricultural verticals — with follow-on impacts reaching virtually every U.S. business and consumer. The strike could cost the U.S. economy as much as $2 billion per day

While organizations looking to get in front of the issues can take steps to mitigate them and bolster operational resilience — it’s unlikely that even the most proactive organization would be fully insulated from a disruption of this magnitude. 

Why Is a Freight Railroad Strike Potentially Happening?

In August of 2020, twelve railroad unions joined forces to sue Class 1 railroads over proposed benefits changes in their contracts, which included restricting access to certain medications and changing healthcare networks. By October of 2021, the courts had ruled in favor of the unions, stating that the Class 1 railroads would need to resolve the issues in good faith negotiation, directly with the twelve unions. This decision by the court ultimately granted the unions the legal right to a freight railroad strike if they could not reach an agreement with the Class 1 railroads. 

By July 2022, the Biden administration began to take an interest in the proceedings, and through the National Mediation Board requested both sides to report to Washington D.C. for a “public interest” session designed to create a voluntary agreement. When the negotiations broke down, the Biden administration created an emergency board to try and reach a consensus.

On August 15, 2022, both the unions and Class 1 railroads reached an impasse in negotiations, causing a 30-day “cooling-off” period to be established. At the end of this cooling-off period, on September 15, 2022, the unions would be legally able to strike. 

Hours before the rail unions were set to announce a nationwide freight railroad strike, both sides reached a tentative agreement after twenty hours of negotiations mediated by U.S. Labor Secretary Marty Walsh. The unions then had to return to their members and call for a ratification vote to fully approve the agreement. By the end of October, two unions — the Brotherhood of Maintenance of Way Employees Division and the Brotherhood of Railroad Signalmen — had voted against ratification of the agreement due to the lack of inclusion of paid sick leave.

The unions and the Class 1 railroads now have until November 19 to reach a new agreement, before the unions are legally allowed to strike — which means that companies need to be aware of their dependency on the freight railroad supply chain as soon as possible.

A timeline of events beginning on Aug. 2020 leading to a possible freight railroad strike.

The Supply Chain Impact: Automobiles, Energy, Chemical, and Agriculture Industries Most Affected

While a shutdown of Class 1 railroads would have far-reaching effects across virtually every industry, Interos’ analysis found the following verticals would see the most immediate and severe impact:

Automobiles

In the U.S. there are between 25,000 to 30,000 carloads of vehicles and auto parts moved by rail per week. This is due to much of the U.S. auto industry having their parts, or the car itself, assembled in Mexico, Canada, and the United States. Shipping by rail within North America is the most efficient way for companies to deliver automobiles to customers or dealerships, leading to nearly 75% of new vehicles in the U.S. being moved by freight rail. 

Energy

On average, over 300,000 barrels of crude oil and 5 million barrels of propane are transported by rail in the U.S. every day. Additionally, 75% of coal produced in the U.S. is transported by rail. Given that coal makes up ~22% of U.S. electricity generation, the effect of a rail labor strike on energy prices will be drastic. Disruptions to the energy industry will occur in the lead-up to the deadline, as railroads cannot leave hazardous materials unattended in the case of a strike. This will cause railroads to curtail shipments prior to the actual strike.

Chemicals

20% of all chemical transportation in the U.S. is done via rail and Class 1 railroads moved an average of about 34,000 carloads per week of chemicals in 2021. This reliance on rail transit leaves the industry highly exposed to a rail labor strike. Over 50% of all rail chemical carloads consist of industrial chemicals, including soda ash, caustic soda, urea, sulfuric acid, and anhydrous ammonia. Additionally, 70% of the ethanol  an additive in most gasoline — produced in the U.S. is transported by rail. 

Agriculture

Anytime there is uncertainty surrounding a rail labor strike in the U.S., the fertilizer industry loses five shipping days due to the ramp-down that is required to curtail shipments of hazardous materials prior to the deadline. Additionally, due to the recent shutoff of natural gas supplies to Europe, 80% of European production of fertilizer has been halted. A strike would only further destabilize an already-fragile fertilizer industry — significantly disrupting all of U.S. agriculture and food production. The industry is highly exposed to a rail labor strike. 774,000 carloads of corn, 296,000 carloads of wheat, and 299,000 carloads of soybeans were transported by rail in 2021.

What Actions Can I Take to Prepare for Railroad Supply Chain Disruptions?

While a deal between unions and Class 1 railroads is still a viable option, railroads will begin to curtail operations in the week before December 4th to ensure they can shut down safely and comply with regulations in case of a freight railroad strike. 

Interos recommends firms begin acting to ensure their supply chains remain resilient and unaffected as soon as possible, by taking proactive measures and coordinating with suppliers. Our recommendations include:

  • In times of capacity restraints resulting from a freight railroad strike, logistics carriers may prefer customers who have already been shipping via different methods. Clients should leverage existing relationships with logistics carriers. 
  • Proactively identify alternative shipping methods with critical suppliers before the impact of the shutdown may be realized. 
  • The industry with the greatest exposure to rail strikes is the chemicals industry as a disproportionate share of chemical products are shipped via rail. Interos recommends identifying suppliers providing chemical products, or that are themselves reliant on chemical products, which would therefore be most sensitive to railroad supply chain issues.
  • During the leadup to the last period of uncertainty surrounding a labor strike in September 2022, hazardous materials were the first shipments to be curtailed due to U.S. government dangerous goods regulations. Interos recommends evaluating any hazardous shipments that may be curtailed within a 5-day range of the December 4th deadline.

Organizations looking to understand where the next big supply chain shock is coming from – and which suppliers they need to engage with to mitigate the impact – should consider investing in supply chain visibility and operational resilience solutions. Most organizations plan to implement them by Q2 2023 — a fact we learned from our annual supply chain industry survey.

Mapping the Solar Panel Supply Chain is Key to Avoiding Forced Labor Risks

By Geraint John and Daniel Karns

Solar panels (and the solar panel supply chain) have an important role to play in the global transition to clean energy, but China’s use of forced labor to produce key components represents a tangible supply chain risk for U.S.-based companies.

Polysilicon – an essential material in the solar photovoltaic supply chain – is one of three items specifically targeted by the Uyghur Forced Labor Prevention Act (UFLPA), which took effect in June. It gives U.S. Customs and Border Protection (CBP) officers the right to detain imported products suspected of being made or partly made in the Xinjiang region of China.

A delayed and much-anticipated report on the situation in Xinjiang published in August by the UN High Commissioner for Human Rights accused China of “serious human rights violations” that “may constitute international crimes”.

As of the end of September – three months into implementation of the UFLPA – CBP commissioner Chris Magnus said that almost half of the 3,000-plus shipments detained by his agency were covered by the new law, with an estimated value of nearly $500 million. He didn’t specify the products affected, but several leading Chinese solar panel suppliers are reported to have had shipments detained or sent back.

Failing to comply with the UFLPA, knowingly or otherwise, presents serious financial, operational and reputational risks for American solar energy and other firms that need to be addressed.

China Continues to Dominate the Solar Supply Chain

Xinjiang, which is home to the predominantly Muslim ethnic minority Uyghur population, produces about 40% of the world’s supply of polysilicon, a high-purity grade of silicon mined from quartz. This is cast into ingots, which are then cut into wafers and used to make the solar cells that are, in turn, assembled into finished panels (modules).

Action by successive U.S. administrations over the past decade has largely halted the direct import of these products from China:

  • Starting in March 2012, the U.S. Department of Commerce imposed tariffs of up to 165% on Chinese solar cells and panels in an effort to stop the dumping of low-cost products into the U.S. market. These measures were ratified and extended in 2014, 2018 and in February of this year.
  • In June 2021, the U.S. Department of Labor added polysilicon from Xinjiang to its annually updated List of Goods Produced by Child Labor or Forced Labor. It joins nine other product groups thought to involve the use of forced labor in the region, including cotton, tomatoes, footwear and textiles.
  • Later that same month, the CBP issued a Withhold Release Order (WRO) against Hoshine Silicon Industry Co. Ltd, a Xinjiang-based firm accused of using intimidation, threats and restricted movement practices against its workforce. The WRO instructs U.S. port officers to detain shipments of silica-based products made by the company and its subsidiaries.

The U.S. Solar Panel Supply Chain

As a result of these actions, U.S. imports of solar panels now come mainly from other countries in Asia. In the final quarter of 2021, Vietnam, Malaysia and Thailand accounted for more than 80% of shipments (see chart).


Pie chart showing origins of US solar panel supplies. Vietnam, Malaysia, and Thailand are the top 3 countries, followed by S. Korea and Cambodia.

However, as with lithium-ion batteries, China dominates solar supply chains. Seven of the world’s 10 biggest solar panel makers are Chinese, and according to U.S. government agencies:

  • China owns 72% of global manufacturing capacity for polysilicon (with 54% of total output produced in Xinjiang).
  • In addition, China controls 98% of global manufacturing capacity for ingots, 97% for solar wafers, 81% for solar cells and 77% for solar panels.
  • Three-quarters of solar cells installed in the U.S. are made by subsidiaries of Chinese firms operating in Vietnam, Malaysia and Thailand, which import large quantities of solar materials from China.

An analysis of Interos’ global relationship platform data in August found:

  • 120 direct, tier-1 relationships between U.S. buyers and Chinese solar panel suppliers.
  • Almost 9,500 indirect, tier-2 relationships, with the vast majority accounted for by four suppliers: JinkoSolar Holding Co. Ltd; JA Solar Holdings Co. Ltd; Trina Solar Co. Ltd; and Suntech Power Holdings Co. Ltd.
  • Hoshine Silicon Industry Co. Ltd – the subject of last year’s WRO action – had just five direct relationships with U.S. buyers, but more than 160 tier-2 connections.

Guilty Until Proven Innocent

Unlike some previous supply chain-oriented legislation, the UFLPA puts on the onus on importers to demonstrate that solar products have not involved the use of forced labor.

In its guidance to importers, CBP notes that “imports of all goods, wares, articles, and merchandise mined, produced, or manufactured wholly or in part in the Xinjiang Uyghur Autonomous Region (Xinjiang) of the People’s Republic of China (PRC), or by entities identified by the U.S. government on the UFLPA Entity List, are presumed to be made with forced labor and are prohibited from entry into the United States.”

It continues: “The presumption also applies to goods made in, or shipped through, the PRC and other countries that include inputs made in Xinjiang.”

Mapping solar supply chains is therefore an essential foundation for companies to comply with the UFLPA. Speaking to Bloomberg earlier this month, AnnMarie Highsmith, an executive assistant commissioner at CBP, said companies needed tools to identify potential forced labor in their supply chains and avoid unwitting violations of the act.

A particular danger here is “supply chain washing” – where suppliers seek to avoid the UFLPA and other trade restrictions by routing raw materials, components and finished products tainted by forced labor through intermediary countries.

What can you do to safeguard your solar panel supply chain?

Alongside mapping and monitoring activities, CBP’s guidance document stipulates the following in relation to polysilicon:

  • “Importers need to provide complete records of transactions and supply chain documentation that demonstrate all entities involved in the manufacture, manipulation, or export of a particular good, and the country of origin of each material used in the production of the products going back to the suspected source of forced labor, i.e., production in Xinjiang or by an entity on the UFLPA Strategy entities lists.
  • “Provide a flow chart mapping each step in the procurement and production of all materials and identify the region where each material in the production originated (e.g., from location of the quartzite used to make polysilicon, to the location of manufacturing facilities producing polysilicon, to the location of facilities producing downstream goods used to make the imported good).
  • “Provide a list of all entities associated with each step of the production process, with citations denoting the business records used to identify each upstream party with whom the importer did not directly transact.
  • “Importers should be aware that imports of goods from factories that source polysilicon both from within Xinjiang and outside of Xinjiang risk being subject to detention, as it may be harder to verify that the supply chain is using only non-Xinjiang polysilicon and that the materials have not been replaced by or co-mingled with Xinjiang polysilicon at any point in the manufacturing process.”

CBP officials acknowledge that more staff are needed to fully monitor and enforce UFLPA requirements at U.S. ports of entry. But experience from its first quarter of operation suggests that companies cannot afford to be complacent about the act, which sets a new and higher bar for supply chain risk management.

US Government Adds New Supply Chain Restrictions on China, Russia, as Compliance Challenge Increases

By Andrea Little Limbago

Significant U.S. policy shifts toward technology exports to China have occurred over the last few weeks. By some accounts they are the biggest shifts in decades. Indicative of the growing implementation of prohibitions and restrictions, the U.S. has announced a steady drumbeat of export controls aimed at both crippling Chinese semiconductor manufacturing and fostering more secure and trusted technology ecosystems within U.S. supply chains.

While these latest restrictions are touted by some as unprecedented, they are not surprising. Instead, they are part of the growing trend we have detailed regarding the collision of economic warfare and compliance. Since 2016, the U.S. Department of Commerce’s Entity List alone has added over a thousand Chinese and Russian companies. Inclusion on the Entity List prohibits U.S. companies from purchasing goods and materials from that entity. There are dozens of other restriction lists as well, including those within the Departments of Commerce, Treasury, Defense, and State and Federal Communications Commission.

Chart showing the growth in additions to the Commerce Dept.'s restricted entities list.

The Latest Wave of Restrictions: Semiconductors

The Biden Administration announced the most extensive technology restrictions on October 7th, aimed at limiting semiconductor materials shipped to China. The new restrictions expanded the scope of the Export Administration Restrictions (EAR) on 28 Chinese companies, the majority of which were already on the Entity List, adding a new license requirement and additional rules. These rules target U.S. national security concerns, and add certain advanced semiconductor technologies to the Commerce Control List (CCL) as well as rules pertaining to end-use controls and additional license requirements.

However, the new rules do not stop there. They also add 31 Chinese companies to Commerce Department’s Unverified List, a designation for companies ‘whose bona fides’ have not been verified; that is, where U.S. officials have not completed site visits to establish whether they can be trusted with critical technologies. If the U.S. government is prevented from future site visits, these companies will then be escalated to the Entity List.

New Supply Chain Restrictions also focus on Russia

This latest round of restrictions announcements comes on the heels of three other announcements since late September. On September 20, the Federal Communications Commission (FCC) added China Unicom and PacNet/ComNet companies to its Covered List, referring to Section 2 of the 2019 Secure and Trusted Communications Networks Act. On September 30, Commerce added 57 additional Russian entities to the Entity List, bringing the total to well over 500 entities since Russia’s invasion of Ukraine in February. A few days later, on October 5, the Department of Defense updated Section 1260H of National Defense Authorization Act 2021. This update included over a dozen new Chinese companies identified as military companies operating in the United States.  Two days later, President Biden announced the sweeping restrictions targeting the Chinese semiconductor industry.

These additions alone have a far-reaching impact. Over a third of Fortune 500 companies have had at least one of these new additions within the first tier of their supply chain. This more than doubles to almost 80% when looking at their tier 2 and tier 3 relationships. In short, this is a significant compliance risk that for some may be below the radar. Organizations should review their supply chains for these additions to assess their own risks.

Watch to see how to identify restrictions risks within the Interos platform. 

Industrial Policy, Collaboration, and a Reglobalized Economy

The United States is not alone in these latest restrictions. As Commerce’s Russian restrictions press release notes, 37 allies and partners have implemented similar controls. The European Union has issued its eighth tranche of Russian sanctions, this time targeting critical chemicals. Earlier this year, the European Union presented a new supply chain law targeting human rights violations in response to the growth of human rights violations, especially in China. The unprecedented implementation of these restrictions by the U.S., allies, and partners is introducing new compliance challenges and extremely difficult to stay on top of without significant effort.

But that effort is essential for resilience in the ‘new normal.’ Geopolitically-driven restrictions are splintering global supply chains along geopolitical fault lines, indicative of the core characteristics defining the emerging world order. As the Economist notes, a new macroeconomic era is underway. But it is more than that. The October 7 restrictions have already led to almost $9B in losses for Chinese semiconductor stocks and U.S. suppliers are halting business activities and pulling out staff in China. There likely will be some retaliation as China also has its own unreliable entity list and pursues the ‘Made in China 2025’ agenda.

At Interos, we will continue monitoring the wide range of restrictions, their subsequent compliance challenges, and their role in the ongoing transformations reshaping globalization and supply chains.

Nord Stream Pipeline Leaks Underscore Threats to Critical Energy Infrastructure

By: Trevor Howe, Senior Operational Resilience Consultant

On September 26th, sudden drops in pressure were observed in the natural gas pipeline Nord Stream 2 before undersea leaks were detected in the Baltic Sea. Shortly thereafter, leaks were also detected for Nord Stream 1. While the pipelines are not currently facilitating gas flows from Russia to Europe, they were filled with natural gas which has leaked into the Baltic, creating an operational hazard for vessels in the area. The Prime Minister of Sweden, Magdalena Andersson, disclosed to a news conference on September 27th that seismologists in Sweden, as well as Denmark, had registered two powerful blasts the day prior in the vicinity of the leaks. Moreover, the explosions occurred in the water, not under the seabed, and at relatively shallow depths which would be reachable by divers or unmanned underwater vehicles.

Nord Stream Sabotage Damages European Energy Infrastructure

While these explosions occurred inside the exclusive economic zones of Sweden and Denmark, they have not been considered an attack on either country, which could trigger NATO intervention through Article V of the Washington Treaty. European Officials, including NATO, have claimed that the explosions were the result of sabotage, though the European Union has not yet named a perpetrator or suggested a reason behind the incidents. The Kremlin’s spokesman, Dmitry Peskov, also told reports that the incidents could have been the result of sabotage and that they would promptly investigate the matter.

While investigations are underway to ascertain the cause of the explosions and responsible parties, neither pipeline was active and these incidents should have no immediate effect on the supply of natural gas to Europe, though they have put additional upward pressure on prices.

Operational Threats Against Energy Infrastructure & Supply Chain

What the Nord Stream events highlight is the fact that European critical infrastructure can be a potential target for those seeking to precipitate disruptions and undermine energy security on the continent. This threat is made particularly dangerous amid EU Member States’ efforts to prepare for the winter season without Russian natural gas.

The speaker of Lithuania’s parliament, Viktoria Čmilytė-Nielsen pointed out that “these incidents show that energy infrastructure is not safe” and that “[the explosions] can be interpreted as a warning.” If indeed these explosions were intended as a warning, it is possible the threat could be directed towards the Baltic Pipe, a new gas pipeline carrying supplies from Norway through Denmark to Poland which was just opened on September 27. Norway has been a crucial supplier to Europe amid the scramble to replace Russian energy, so disruptions to Norwegian exports could have significant downstream effects. However, it is crucial to note that this threat is not unique to Norwegian energy infrastructure.

Cyber Threats Against Energy Infrastructure

While physical threats to critical infrastructure (as defined by Council Directive 2008/114/EC of 8 December 2008) are a priority for EU Member States, governments must also prepare against cyber threats. According to the Commission, “traditional energy technologies are becoming progressively more connected to modern, digital technologies and networks,” and while this makes the energy system smarter, “digitalization creates significant risks as an increased exposure to cyberattacks and cybersecurity incidents potentially jeopardizes the security of energy supply and the privacy of consumer data.”

One need only look to the disruptions caused in the U.S. in the wake of the ransomware attack against the Colonial Pipeline Company in May 2021 which led to the shutdown of 5,500 miles of pipeline carrying around 45% of fuel supplies on the East Coast. That attack was made possible by a single password being compromised for a legacy virtual private network (VPN) which didn’t use two-factor authentication. A relatively simple theft enabled hackers to disrupt one of the country’s largest and most vital pipelines, forcing President Biden to declare a state of emergency.

Europe is not immune to threats similar to the Colonial Pipeline cyberattack. Early February 2022 saw a slew of cyberattacks against oil transport and storage companies across the continent. These attacks forced an affected company, Oiltanking Deutschalnd GmbH & Co. KG, to operate at a limited capacity and even caused slowdowns at ports in the Netherlands as barges awaited oil deliveries. With supply chains in a state of recovery due to the COVID-19 pandemic, disruption events like this have the potential to set recovery efforts back significantly, especially at a time when energy security in Europe is a top priority.

Russian Hybrid Warfare

Though Russia has wielded energy as a foreign policy weapon, by cutting flows entirely through the Yamal pipeline and Nord Stream 1 the Kremlin has lost leverage in terms of the future damage it can unilaterally instill via energy exports to Europe. As a result, it would be unsurprising if Russia were to employ additional hybrid warfare tactics in the form of cyberattacks, an area in which the Kremlin wields asymmetrically advanced capabilities, to further Russian national interests. These could include attacks which target critical energy infrastructure to further destabilize Europe’s energy security and put more upward pressure on energy prices which threaten business’ operations across the continent.

Multiple entities in Russia are known to possess and deploy advanced cyber capabilities against adversarial targets, this includes Russia’s Federal Security Service (FSB); Russia’s Military Intelligence Agency (GRU); Russia’s Foreign Intelligence Service (SVR); and a private organization, the Internet Research Agency (IRA). These actors can act alone, or in tandem with one another, to devastating effect if they so desired to further destabilize Europe’s energy security.

Supply Chain Risk Management

To guard against physical disruptions, Norway and Denmark have already stepped-up security posturing around their oil and gas industries’ infrastructure, rigs, and buildings after the Nord Stream incidents. However, physical security does not guard against cyberattacks which can be mounted from halfway across the world.

Companies can better-understand their risk exposure to physical and digital infrastructure attacks by gaining greater visibility into their third parties’ risk posture. Doing this at-speed, continuously, and without breaking the budget requires artificial intelligence-driven software like the Resilience platform offered by Interos.

Additionally, entities should implement risk management programs, conduct internal reviews to assess their own security posture, prepare and test resilience plans for likely scenarios, and strengthen collaboration with stakeholders in their respective industries to better manage risk in their supply chains.

Climate Change and Data Center Shutdowns Are Causing a Supply Chain Crisis

by Julia Hazel, Ph.D

Climate change-driven extreme weather events wreaked havoc across the world this past summer and amplified concerns of data center resiliency. The possibility that “The Internet wasn’t built to endure climate change,as stated in InformationWeek, seems more likely than ever. In July, an unprecedented heat wave hit the UK and temperatures reached the highest ever recorded in the region. In addition to the toll on human life and devastating wildfires, the heat also impacted the data center industry. At least two data centers controlled by Google and Oracle were forced to shut down due to cooling system problems. Unfortunately, this likely was not a black swan event. As with many other global challenges, the black swan is dead, and the shutdown is indicative of the growing risk water scarcity poses to data centers and supply chains across the globe.

Data Centers, Supply Chains, and Climate Change

Data centers power the cloud infrastructure fundamental to modern daily life and the overall functioning of businesses and industries. Cloud infrastructure is imperative to the supply chain and allows for logistical efficiency, management of inventory, and enterprise planning. Outages in London underscore the fact that data centers are an often-overlooked component of supply chains that are increasingly under heightened risk from climate change. Data center closures due to extreme weather events — which are projected to become more severe in the coming years — will lead to rising costs and disruptions across the supply chain. 

The risks to data centers from climate change extend beyond heat waves. Data centers need vast amounts of water for two purposes: electricity generation and cooling. Drought and water scarcity are therefore enormous threats to operations. According to Your Computer is on Fire, midsize data center consumes about 400,000 gallons of water each day while larger data centers can consume up to 1.7 million gallons (about twice the volume of an Olympic-size swimming pool) per day. In a paper published last year, it was reported that the U.S. data center industry uses water from 90% of U.S. watersheds, and 20% of data centers rely on watersheds under moderate to high stress. Water use limitation has not been prioritized due to the tradeoff between using more energy-intensive closed loop chillers or water-intensive evaporative cooling. In short, water scarcity will pose an extreme risk to data center operations, and more attention should be focused on water usage and operational resilience given the threat of climate change.

A Global Analysis of Data Centers and Water Scarcity

The threat that climate change poses to exacerbating drought motivates our analysis on data centers found in water-scarce regions that place extra stress on the already strained environment. We compare global data center facility locations to both the historical drought risk, based on the historical frequency of drought events weighted by magnitude, and the drought risk we attribute to climate change, based on the linear multi-decadal trend of drought severity. The drought risk is calculated from global Climate Research Unit Palmer Drought Severity Index data that spans 1901-2021 and scaled between 0-100 globally on a 10km-by-10km grid. We consider drought risk scores below 34 to be “high” risk and scores below 67 to be “medium” risk.        

Our findings show that out of 4,772 global data centers, 34 are within areas that have a historical high drought risk, and 665 are located within areas of medium drought risk. Those data centers within high-risk locations are primarily located within Arizona, which has recently become a data center hotspot for large U.S. companies such as Microsoft, Google, and Facebook despite record low water levels at Lake Meade and the Colorado river.  

These numbers are even more stark when looking at the drought risk attributed to climate change. Looking ahead at the future risks posed by climate change, 15% of global data centers are in high-risk areas such as the Southwestern U.S., Western Europe, and Japan, where the trend in drought conditions has worsened in recent decades, and approximately 33% or 1,566 of all data center facilities are within medium risk areas. Equinix, one of the largest data center corporations that serves companies such as Amazon, Facebook, and Apple, has multiple locations within these high-risk areas.

Climate change will lead to unpredictable events and various disruptions, and these risks need to be mitigated where possible. Our analysis of drought risk and data center facilities highlights the need for climate change to be considered when constructing data centers and assessing the potential supply chain disruptions that may occur at the intersection of data centers and water scarcity. The geographic locations of these data centers will determine their water footprint and their resultant impact on the surrounding environment, in many cases exacerbating already pressing water shortages.   

The risk of climate change to data centers extends beyond water scarcity and droughts. Hurricanes and severe weather, forecasted to become more severe with climate change, will pose a large cybersecurity risk to data centers if critical infrastructure is damaged during these events. Given the importance of cloud infrastructure to the supply chain, organizations should itemize those data centers on which their supply chains (and their livelihoods) rely and assess the current and future risks posed by climate change to augment their resiliency and avoid disruption from climate-related events.

To learn more about how the Interos platform can help prepare companies to face climate change challenges, visit interos.ai.

Why Drought Risk Must Be Upgraded in Supply Chain Decision-Making

By Geraint John

As if a pandemic, war, labor strikes, and rampant inflation weren’t enough, supply chain leaders now have another disruptive force to contend with – mass-scale drought.

From the U.S. and South America to Western Europe and China, record-breaking heatwaves and exceptionally low rainfall are disrupting not only agriculture, but also power generation, manufacturing, and logistics, necessitating drought risk management on a massive scale.

For many companies, severe water scarcity will be the first tangible impact of the relationship between climate change and supply chains. It should act as a wake-up call to take this category of supply chain risk more seriously and model it more systematically in footprint investment and supplier selection decisions.

Manufacturers are suffering from the heat

Farmers and agricultural producers are used to drought risk and their crops being at the mercy of extreme weather, from major storms and floods to wildfires and drought. But for manufacturers, recent events are more unusual, and make operational resilience more important than ever before.

In Germany, chemicals firms and car makers are among those that have been affected by low river levels in the Rhine, making it impossible for the biggest barges to transport their products to ports and onwards to customers.

Almost half of Europe is currently experiencing drought, according to a new European Commission report – the worst situation in 500 years.

In China, which is battling its most severe heatwave on record, hydroelectric power plants have been taken offline this month by low water levels in the Yangtze River. This has forced many manufacturing firms in Sichuan, Zhejiang, Jiangsu, and Anhui provinces to suspend operations.

Those impacted by rationing measures include Toyota, Volkswagen, Apple supplier Foxconn, and CATL – China’s biggest lithium-ion battery maker – according to news reports.

Analysis of Interos’ global relationship mapping platform data shows that:

  • There are over 560,000 relationships between suppliers in the four affected Chinese provinces and buyers outside of China.
  • More than 185,000 distinct foreign entities buy from Chinese suppliers in these regions.
  • The main industries represented by these trading relationships include machinery, electronic equipment and components, chemicals, and textiles.
  • In Germany, BASF – the world’s largest chemicals company and a major user of the Rhine for transportation – supplies almost 1,400 customers directly (tier 1) and over 86,000 indirectly (tier 2) in sectors such as chemicals, pharmaceuticals, food products, and apparel.

Drought risk management is an increasingly dire concern

While the scale and intensity of this summer’s droughts are the worst for many years, they shouldn’t come as a big surprise to companies that have been following discussions about climate change and supply chain risks:

  • Research by the United Nations shows that the number of droughts across the world has risen by 29% since 2000. 
  • The Intergovernmental Panel on Climate Change has been warning that drought and other extreme weather events are becoming more common since its formation in 1988.
  • Extreme weather was ranked as the number one most likely risk in the World Economic Forum’s annual global risks perception survey for five years in a row from 2017.

As climate change increasingly impacts supply chains, the implications are dire. Interos’ proprietary risk i-Score shows that in terms of “natural disasters” (an attribute of operational risk that includes meteorological and climatological events):

  • China is in the top 10 highest-risk countries and territories, with a ranking of 240 out of 249 and a score of 12.1/100.
  • The U.S. is in the top 20 highest-risk countries and territories, with a ranking of 234 out of 249 and a score of 14/100.
  • Germany is, by comparison, considered much lower risk for natural disasters, with a score of 82.4/100, although it still only ranks mid-table at number 134.

A Gartner survey of procurement leaders in the DACH region last year found that extreme weather and natural disasters were rated as the third highest risk for the next 2-3 years after cyber attacks and supply shortages.

A quarter of the sample also rated climate change as very or extremely concerning, putting it ahead of pandemics, geopolitical tensions, and trade disputes (see chart).

Concern About Risks and Disruptive Events Over the Next 2-3 Years

Past events are not always a guide to climate change and supply chain risks

Sentiment in the U.S. and other parts of the world will no doubt vary somewhat, but these findings demonstrate that drought risk management and other extreme weather concerns are recognized as more significant supply chain risks than they would have been a few years ago.

Another recently published Gartner survey found that just 11% of 320 supply chain leaders “do not consider climate change as a future risk”.

  • Just over a quarter (27%) said they had conducted a climate change risk assessment and identified their most critical supply chain risks.
  • Just under a fifth (18%) had conducted risk assessments and scenario planning around climate change.
  • Almost half (44%) said they had “a general sense of potential future climate risks based on events from the last three years”.

This last finding is a little concerning, given the extremely hot and dry conditions afflicting so many countries in recent months. 

The lesson must surely be that the risk of drought risk management – along with other disruptive weather considerations – is no longer as predictable and as confined to certain areas of the world as it used to be. The future is going to look different than the past, so relying solely on historical patterns is dangerous.

Instead, companies are going to need to model climate change-related supply chain risks much more diligently than they have previously when deciding where to build new manufacturing and distribution facilities, and when making critical supplier selection decisions

To learn about how the Interos platform can help to protect your supply chain from drought risks and other potential impacts of climate change, visit interos.ai

What’s Causing Port Backups and Shipping Delays? – Interos

By Alberto Coria

Since 2020, shipping delays have been one of the defining supply chain disruptions of the pandemic era. For several years those delays could be largely attributed to port backups, with cargo ships stuck in long backlogs, waiting to dock and unload containers.

Now, the chokepoint has moved further downstream to the “dwell times” containers are facing at ports before being shipped to warehouses. These dwell times have grown due to a nationwide shortage of intermodal chassis (the unique trailer trucks use to move shipping containers between ports, railways, and shipper facilities) which has caused railyards to become congested and affected their ability to accommodate shipments from ports.

While labor issues have not yet become a critical factor in port or railyard congestion, disputes with unions still linger and pose a potential operational disruption in the future. Understanding the complexity of the situation at U.S. ports is critical for protecting your supply chain, as is investing in resilience-focused technologies that enable insight into that complexity.

In this blog, the analysts from Interos dive deeper into the causes behind increased dwell times, and the ripple effect they’re having across the entire U.S. supply chain.

Infrastructure

U.S. ports have now reduced the backlog of ships waiting in port by an average of 70%, but the issue now lies in dwell times, which is how long goods must sit at ports before they can be transported to warehouses or their final destinations. Due to an ongoing backlog at railroad terminals such as in Chicago, ports don’t have the capacity to move goods out of their ports fast enough once they are unloaded off ships.

Shortage of Intermodal Chassis

An intermodal chassis is a rubber-tired trailer under-frame on which a container is mounted for truck transport and is necessary to transport containers from ocean or rail to truck. A nationwide shortage of intermodal chassis is one of the key drivers behind rising dwell times at ports. Additionally, a surge in shipments that has elevated the need for intermodal chassis in the U.S. has occurred at the same time as U.S. tariffs have reduced the imports of chassis units from China. The tariffs, which were announced in September 2018, caused chassis imports from China to decrease by 25,000 – 30,000 units in 2019, with American manufacturers failing to increase production at levels needed to replace the lost units.

Line graph showing chassis imports over time.

Surge in China Shipments

As COVID-19 emerged in China and became a worldwide pandemic in March of 2020, shipments from China to the U.S. dropped. With COVID regulations in the U.S. also beginning to take effect, port labor was furloughed or cut. Once trade resumed, port workers were slow to return to work as shipments began to rise again, creating a backlog of ships waiting to dock at U.S. West Coast ports. This backlog was only reduced to normal levels at the end of Q2 2022.

Line graph showing a rise in Shipments from China over the course of 2019 - 2022.

When the port of Shanghai was under lockdown due to China’s “zero-COVID” policies in May and July of 2022, shipments slightly dropped before surging upwards to levels typically only seen during the holiday season in the U.S. ($48.6 billion USD in June 2022, similar to $49.9 billion USD in December of 2021).

As shipments from China to the U.S. were continuously rising, a surge of imports after the Shanghai port closure occurred at the same time as a national intermodal chassis shortage was occurring in the United States. Railroad terminals had a backlog of containers as they could not find intermodal chassis to offload the containers to trucks, forcing them to reduce shipments from ports, and in turn, causing the dwell time for containers at ports to rise.

Railroad Congestion and Port Dwell Times

Due to the shortage of intermodal chassis in the U.S., railroad terminals such as Chicago are not able to offload their cargo to trucks and have containers sitting on railcars in their terminals, which is, in turn, limiting their ability to take in more shipments from ports.

Chicago’s railyard is the world’s third busiest intermodal hub, where nearly a quarter of the U.S.’ rail shipments arrive or pass through. Chicago is also one of the nation’s prime distribution hubs, as it is within a 500-mile journey of about one-third of the U.S. population. With Chicago playing such an important role within the freight railroad ecosystem, its congestion is one of the key drivers behind the rising dwell times at key U.S. ports such as LA, Long Beach, Savannah, New York, and Charleston.

Another issue causing Chicago’s railyard to experience such high congestion has been a pandemic-driven decrease in the number of rail workers, while railroad operators simultaneously moved to implement precision-scheduled railroading (PSR). PSR is a strategy for railroads to drive more efficient operations on fixed schedules, with the intent to use fewer railcars, and fewer terminals, and provide predictable and reliable service. However, the PSR implementation effectively made railroad operators unable to deal with fluctuations in the supply chain, and with the recent surge of shipments from China, the industry has found itself to have a shortage of equipment to deal with the surge.

In some ways, PSR is a microcosm of the bigger-picture supply chain problems created by the dominant Just-in-Time (JIT) inventory/operational model that has dominated international trade and manufacturing for the past forty years. The JIT model also leverages highly precise scheduling and demand forecasting to minimize storage and shipment costs, prioritizing efficiency over most other metrics for success. Like PSR, the JIT model similarly buckled under the unpredictable demand spikes crated by COVID. Taken together, the failure of both of these systems makes the case that resilience must demand equal or even greater priority than efficiency.

Labor Issues

In contrast to the ongoing infrastructure issues causing port and railyard congestion, labor disputes for both industries appear to be negotiated in good faith by port and rail operators. The majority of labor disputes are regarding port or rail operators seeking to purchase equipment that increases the level of automation in their operations, and therefore threatens the jobs of union workers. As government investment into U.S. infrastructure increases, it is likely that the number of unions filing labor disputes against proposed automation will increase. Interos recommends continuous monitoring of these labor disputes.

Current Labor Market

Interos analyzed official employment data from the U.S. Bureau of Labor Statistics from 2012 – 2021 and found the data suggests that employment in 2020 dropped significantly since 2019 due to the COVID-19 pandemic, but it is not yet at a level of critical risk.Line graph showing jobs in rail transportation over time.

Interos also analyzed employment data for port labor for the years 2012-2021 and found the data suggests that employment levels for port workers dropped significantly since 2019 due to the COVID-19 pandemic but is not yet at a level of critical risk.

Line graph showing water transportation jobs over time.

Potential Outcomes

The chokepoint causing congestion at ports and railyards has moved downstream from backlogs of ships waiting to dock to long dwell times and overflowing railyards. The congestion is also now apparent at ports throughout the U.S. as opposed to just being a West Coast port problem as it was in 2020 and 2021. Interos has modeled three hypothetical scenarios representing possible outcomes:

Best: Government-funded infrastructure projects are implemented quickly, and U.S. intermodal chassis producers meet demand within 6-12 months. The long dwell times and congested railyards are likely to diminish within 12 months in this scenario.

Moderate: Government-funded infrastructure projects are implemented within 2-3 years and U.S. intermodal chassis producers meet demand within 12-18 months. The long dwell times and congested railyards are likely to diminish within two years in this scenario.

Worst: Government-funded infrastructure projects take over 4 years to be implemented, U.S. intermodal chassis producers meet demand within 2-3 years, and the port and rail unions implement a labor strike. In this scenario, the long dwell times and congested railyards are likely to continue for up to four years before diminishing.

Conclusion

Despite massive reductions in cargo ship backups, major U.S. ports and railyards still face significant delays due to supply chain issues surrounding intermodal chassis availability, a workforce that is still slowly recovering from COVID-driven layoffs, and the adoption of new railyard technologies that prioritize efficiency over resilience.

Despite popular belief, labor disputes currently have relatively little influence over these delays, though that may change as both the implementation of — and opposition to — automated port and rail technologies increases.

With enough government investment in critical infrastructure, and a more widespread adoption of resilience-focused approach to operations alongside the technologies that enable it, these delays could be greatly reduced within a matter of twelve months. However, a failure to do so will likely mean continued shipping delays for many U.S. industries and consumers.

To learn more about the potential impacts of supply chain disruptions and what companies are doing about it, check out our annual industry survey, Resilience 2022.

The Global Supply Chain & Operational Resilience are Bigger than Protectionism

By Geraint John

Since the U.S.-China trade war kicked off in early 2018, “supply chain resilience” has become a top agenda item for procurement leaders, company bosses and legislators alike.

The case for resilience has been massively strengthened during this period by the COVID-19 pandemic, severe semiconductor shortages, and most recently Russia’s invasion of Ukraine.

But what started out as a largely operational effort by businesses to shore up fragile supply chains is in danger of being subsumed by political considerations, as governments pour money into favored firms on home soil in an attempt to reverse globalization.

In this febrile atmosphere, advocates of operational resilience need to guard against attempts to narrow its focus unduly to national interests and protectionist trade policies.



Globalization & bringing production ‘back home’

Recent years have seen a growing debate about whether globalization — a 30-year-plus stretch in which hundreds of thousands of firms shifted production to far-flung destinations in search of cost efficiencies — is in retreat.

Bringing sourcing and manufacturing activity back to home countries (onshoring or reshoring) or neighboring ones (nearshoring) is seen as proof that global supply chains are not the panacea they once were.

After several false starts, in which there has been plenty of talk but relatively little action, Wall Street is now pointing to evidence that suggests a reverse trend may finally be real. 

Last month, analysts at Bank of America and Barclays were among those who noted a growing number of references to reshoring by CEOs and other senior executives at S&P 500 companies during second-quarter earnings calls.

Data from Bloomberg shows a 1,000% increase in use of the terms onshoring, reshoring, and nearshoring in these calls compared with pre-pandemic levels (see chart).

Coming Home: Supply chain shifts get more attention during corporate presentations.

The business drivers for changing global operating models in this way include:

  • A closing of wage differentials between offshored locations — especially China — and home nations
  • More expensive logistics costs to transport components and finished goods by air and sea
  • Extended lead times and shortages of materials and labor caused by COVID lockdowns and other disruptive events
  • The need to respond more quickly to evolving customer requirements in local markets 

An expanding national security agenda impacts operational resilience

At the same time, governments in the U.S., Europe and elsewhere are pushing for the rebuilding of domestic supply chains in the name of national security and self-sufficiency.

In practice, this means reducing dependence on China and Russia as tensions escalate and a largely stable and benign era of international free trade is fractured by the battle for global economic and geopolitical supremacy.

Russia’s war in Ukraine highlighted just how reliant many countries are on it for supplies of oil and natural gas, as well as many critical industrial and agricultural commodities.

China, meanwhile, remains the world’s preeminent manufacturing base, and an electronics powerhouse that dominates supply chains for everything from 5G networks to lithium-ion batteries.

Both countries have been subjected to an ever-growing list of Western sanctions and export controls, with Russia essentially closed for business and China’s access to U.S. and European chip-making equipment and related technologies heavily restricted.

U.S. House Speaker Nancy Pelosi’s controversial visit to Taiwan at the beginning of August shone a spotlight on that island’s almost total control of advanced semiconductors — used not only in the latest smartphones, but also cutting-edge military systems — and its vulnerability to a Chinese takeover.

A&D semiconductor supply chains rely on Taiwan and China

An analysis of Interos’ global relationship platform data shows that:

  • The major U.S. aerospace & defense (A&D) companies each have as many as 85 direct (tier-1) relationships with semiconductor suppliers 
  • The vast majority of these tier-1 relationships are with U.S.-headquartered companies, led by the likes of Intel, Broadcom and Nvidia 
  • At the tier-2 level, big Taiwanese chip makers such as Taiwan Semiconductor Manufacturing Co. (TSMC), Advanced Semiconductor Engineering (ASE) and United Microelectronics Corporation (UMC) have hundreds of connections to U.S. A&D supply chains  
  • SMIC, China’s largest semiconductor manufacturer, has over 300 connections to tier-1 suppliers serving U.S. A&D customers, and there are many other Chinese-owned suppliers present in these supply chains at tiers 2 and 3

In a survey conducted by Interos in the first quarter of 2022, U.S.-based respondents in A&D said that, on average, almost two-thirds (64%) of their suppliers were located outside North America, with 16% in Asia (see chart below).

They expected just over half (53%) of these contracts to be reshored or nearshored during the next three years.

Location of U.S.-based A&D companies' suppliers.

Public subsidies incentivize regional production

Regionalizing semiconductor manufacturing to reduce over-concentration in Taiwan makes sense to the West for risk diversification and national security reasons — particularly in the light of China’s extensive live-fire military drills in the area following Pelosi’s visit.

Manufacturers such as TSMC, Intel, Samsung, and Micron are being showered with billions of dollars in public subsidies to build fabs in the U.S., buoyed by the recently passed CHIPS and Science Act

It’s a similar story for the lithium-ion batteries needed to power a new generation of electric vehicles (EVs) and clean energy solutions. 

The climate measures of the new Inflation Reduction Act promise over $15 billion in subsidies for EV and other manufacturers to expand capacity within the U.S. 

As it stands, this legislation goes further in a bid to reduce dependence on China by withdrawing consumer tax credits from vehicles that contain Chinese battery components (in other words, most of them).

In practice, however, replicating entire supply chains onshore, whether for silicon chips or lithium-ion batteries, is likely to be prohibitive for both cost and time reasons, putting operational resilience in jeopardy.

An in-depth article by Nikkei Asia lays bare the fact that semiconductor supply chains are reliant on a complex network of specialist sub-tier suppliers, not all of whom are going to set up shop next door to shiny new wafer plants.

The U.S. government appears to accept that domestic supply chains have their limits, judging by recent speeches from top officials.

Treasury Secretary Janet Yellen and Trade Representative Katherine Tai are among those who have been busy promoting the virtues of “friendshoring” — doing business only with trusted allies and not authoritarian regimes.

While this concept, and government intervention to support domestic production, seem like sensible strategies to boost supply chain resilience in critical industries, they have come under fire from a number of respected commentators.

Earlier this month, Financial Times trade columnist Alan Beattie questioned whether fashioning an anti-China trading bloc will really be that simple and argued that subsidies and tax credits have the potential to distort markets and increase prices.

And a cover story in The Economist on reinventing globalization warned: “The danger is that a reasonable pursuit of security will morph into rampant protectionism.”  

Resilience is about more than security

Where does all of this leave procurement, supply chain, and operational resilience leaders? 

For starters, they should be wary of attempts by some politicians and journalists to equate supply chain resilience solely with re/near/friendshoring and national security (including in the otherwise excellent Nikkei article mentioned earlier).

Research by the International Monetary Fund (IMF), discussed in a previous blog, concluded that diversifying sources of supply abroad is a more effective way of building resilience than concentrating it at home. 

This finding is supported by a newly published Gartner survey of 400 global supply chain leaders, which found that diversification away from China to other low-cost countries in Asia was more prevalent than nearshoring to developed markets.  

A balanced view of supply chain resilience in a changing trade environment comes from Christine Lagarde, a former IMF boss who is currently President of the European Central Bank.

In a speech in Washington, DC, in April, Lagarde pointed to “three distinct shifts in global trade”:

  1. Reducing dependence and geographic concentration risk by diversifying suppliers, stockpiling essential materials, and operating “just-in-case” supply chains.
  2. Focusing less on cost efficiency and more on supply chain security through industrial policies and other government measures.
  3. Developing regionalized import-export and risk-sharing models where the first-choice “rules-based multilateral trading system” no longer functions effectively.

Three Distinct Shifts in Global Trade: Dependence to Diversification, Efficiency to Security, and Globalization to Regionalization.

Lagarde argued that the goal for Europe should be “open strategic autonomy” — defined as striking “a careful balance between insuring against risk in areas where our vulnerabilities are excessive and avoiding protectionism”.

At a time when the benefits of globalization and free trade — including prosperity, innovation, openness, and integration—– are under attack, this is a message that the U.S. and other developed economies would be wise to embrace.

To learn more about how the Interos platform can help your firm face challenges relating to globalization, supply chains, and operational resilience, visit interos.ai.

Battery Supply Chains’ Reliance on China threatens the Electric Revolution

By Geraint John

Global sales of electric vehicles (EVs) hit the accelerator pedal last year, with their market share speeding past 10% of new car registrations in the first half of 2022.

That’s great news for the planet, since passenger cars account for more than 40% of total carbon dioxide emissions annually worldwide, whereas EVs emit zero.

But from a supply chain perspective, the rapid growth of EV sales poses two particularly significant and worrisome challenges:

  1. The supply of key raw materials used to make rechargeable lithium-ion (Li-ion) batteries – the most important component in every EV – is not expected to keep up with demand.
  2. The processing of these raw materials and battery production are both dominated by China, at a time when geopolitical tensions are rising and developed economy governments want to reduce their strategic dependence on the country.

Price rises today, shortages tomorrow

In recent months, the CEOs of several auto makers, including Tesla, Rivian and Stellantis, have spoken out about a looming supply shortage of Li-ion batteries during the next 3-5 years – one potentially far worse than the current semiconductor crisis.

Their concerns center around a projected deficit in the availability of lithium and cobalt – two of the main ingredients in battery cells – along with a lack of future capacity to refine these materials and manufacture the much higher battery volumes required.

Last week, the world’s biggest producer of lithium for EV batteries warned of a tight supply market for the rest of this decade.

High demand and constrained supply have already caused significant raw material inflation, particularly for lithium. Prices for battery-grade lithium carbonate are up 375% year on year, and 116% in 2022, according to Benchmark Mineral Intelligence (BMI).

Raw materials now make up 80% of the cost of a Li-ion battery, reports BMI – double the share in 2015.

This has forced auto makers to raise list prices for EVs, and at least temporarily halted the notion that lower battery costs will make EVs more affordable for consumers.

Battery making is dependent on China and Russia

Concentration risk is also a major concern. The latest global mining data shows that extraction of cobalt, graphite and lithium are highly concentrated in the Democratic Republic of the Congo (DRC), China and Australia respectively, based on the Herfindahl-Hirschman Index.

The DRC, which produces 70% of the world’s cobalt supply, is tainted by the use of child labor. And the second biggest source of cobalt is Russia, which is also the leading producer of battery-grade nickel.

Concentration risk for Li-ion batteries becomes even more pronounced further downstream in the supply chain. A new report by the International Energy Agency (IEA) notes that China:

  • Owns more than half of the world’s processing and refining capacity for lithium, cobalt and graphite.
  • Controls 70% of global production capacity for cathodes and 85% for anodes – the two key battery components.
  • Manufactures three-quarters of the world’s supply of Li-ion batteries, and accounts for 70% of new production capacity set to be added through 2030.

An Interos survey of 750 procurement executives in Q1 found that 85% were concerned that their supply bases were too concentrated in certain geographic regions, such as China.

A similar share of participants in the aerospace & defense (A&D) and IT & technology sectors – both also significant users of Li-ion batteries – took the same view.

Chinese producers are heavily embedded in key industry supply chains

An analysis of Interos’ global relationship platform data reveals that:

  • Almost 300 A&D entities in the U.S., Europe and Japan have the leading Chinese lithium firms Ganfeng Lithium Co., Tianqi Lithium Corporation and Zijin Mining Group in their supply chains.
  • China’s primary cobalt miner – and the world’s second largest after Glencore – China Molybdenum indirectly supplies a slew of leading automotive components, car manufacturing and A&D firms operating in Japan and China.
  • Almost 167,000 U.S., European and Japanese firms have indirect (tier-2 or tier-3) relationships with Chinese cathode and anode components firms, notably Ningbo Shanshan, BTR New Materials Group Co., Shenzhen Capchem Technology Co. and Tianjin B&M Science and Technology Co.
  • Almost 500 technology and automotive manufacturers in the U.S., Europe and Japan use the top three Chinese Li-ion battery makers, Contemporary Amperex Technology Co. (CATL), BYD and China Aviation Lithium Battery Co. (CALB).
  • South Korean battery makers LG Energy Solution, Samsung SDI and SK Innovation are rated as “low risk” (average i-Score of 79), whereas Chinese battery makers BYD and CALB are rated “medium risk” (average i-Score of 63).

Alternative strategies deployed by governments and OEMs

The dependence on Chinese refining, component and battery manufacturers is of concern not only to companies, but also to many Western and Asian governments.

Last year the U.S. Department of Energy published a blueprint for lithium-based batteries. In the context of a market that is expected to grow 5-10 times in size by 2030, it calls for the development of a domestic supply chain to support EVs, electrical grid storage, aviation and national defense.

The plan includes more secure access to raw materials; the elimination of cobalt and nickel from battery formulas; and the expansion of onshore processing, cell production, pack manufacturing and recycling capacity.

Source: National Blueprint for Lithium Batteries, 2021-2030, Federal Consortium for Advanced Batteries

The European Commission unveiled a similar strategy back in 2018, while in Japan the Battery Association for Supply Chain was established last year, with 55 member firms spanning all industry segments, to develop policy recommendations.

Auto makers aren’t waiting around for national governments to reshape battery supply chains. Many are now pursuing their own strategies in an effort to head off future supply chain disruptions. The two main ones are:

  • Direct sourcing from mining companies. During the past 12 months, Tesla has signed contracts with lithium, nickel and graphite miners, including BHP and Vale, as it ramps up its battery raw material purchasing. BMW and General Motors have each made multi-million dollar investments in lithium mining projects, while Ford, VW, Renault and Stellantis have all done their own lithium supply deals. GM has also signed a multi-year agreement for cobalt with Glencore.
  • Diversification of battery manufacturing.S., European and Japanese OEMs are also extending their cell components and battery pack production capacity outside China. Suppliers Panasonic, LG Energy Solution and Samsung SDI have announced new battery manufacturing plants on the U.S. east coast. Redwood Materials, an electronics recycling specialist, is building a new cathode material plant in Nevada, close to Tesla’s Gigafactory. And Europe’s Northvolt is planning new factories in Germany and Sweden.

Changing battery chemistries is another strategy being pursued by auto makers such as VW and Tesla to improve range, lower costs and reduce dependence on raw materials such as cobalt. But, as with the development of new manufacturing plants, this will take several years to fully implement.

In the meantime, vertical integration – a characteristic of the early automotive pioneers, but out of fashion in recent decades – seems to be the order of the day, as the industry seeks to minimize its vulnerabilities and regain control of electronics supply chains.