European authorities are investigating Yutong buses over a worrying security loophole: these software-embedded, connected buses can be remotely accessed by a Chinese supplier for diagnostics and updates (The Guardian), meaning someone could theoretically interfere with their control systems.
This brings up an interesting question. What happens when critical infrastructure (public transit, in this case) depends on foreign technology with deep system-level access?
America’s Supply Chain Risk
This isn’t just a European issue. The U.S. has its own supply chain dependencies that pose strategic vulnerabilities:
- According to U.S. government reports, critical segments like industrial control systems and other electrical components are heavily exposed to foreign sourcing, including from China (uscc.gov).
- In electronics, U.S. manufacturers rely on Chinese subcomponents, especially in their earlier stages of production.
- On the mineral front, China dominates processing and refining of rare earth elements. These are essential for batteries, semiconductors, and defense technologies (Reuters).
This echoes a point I discussed in a previous article on supply chain risk and why the U.S. government banned Kaspersky software. Even trusted software can pose systemic risk when its source and governance are unclear.
Why This Matters for American Infrastructure
- Resilience Risk
If a supplier halfway around the globe has privileged access or control over infrastructure components, geopolitical tension or a technical exploit could disrupt not just production, but entire systems (like power grids or transportation).
- Lack of Oversight
Local governments or agencies may lack visibility into how deeply foreign vendors can control or interact with critical systems. The bus case is a serious reminder: remote access isn’t just about updates. It might be about control.
- Long-Term Strategic Leverage
If key infrastructure depends on foreign tech, adversary nations could gain outsized influence. In some sectors, China already holds significant leverage through manufacturing dominance (an interesting read on this: ITIF).
What Needs to Change
- Procurement with Security in Mind
Public agencies need to integrate cybersecurity risk into their procurement criteria, not just price and specs. The U.S. government is making efforts on that front, but more needs to be done.
- Supply Chain Transparency
Organizations must demand visibility not just into their Tier-1 suppliers but several tiers deep, especially for things like EVs and critical grid components.
- Regulation + Incentives
Policy should encourage onshoring, not just through tariffs, but through incentives to build domestic capacity in minerals, electronics, and connected infrastructure.
Final Thoughts
Our infrastructure is increasingly digital, connected, and software-driven. That makes it more efficient, but also more exposed. As the bus investigation shows, it’s not enough to think of infrastructure risk in terms of bricks and wires.
If we ignore these dependencies, we’re not just risking supply chains. We’re risking our ability to run critical systems on our own terms.
