Analysis

The Fragility of Overdependence: Rethinking Global Supply Chains in an Era of Geopolitics and De-Risking

In an era of geopolitics and de-risking, over-reliance on suppliers from problematic jurisdictions has exposed global supply chains to new vulnerabilities and risks. This article explains why traditional third-party risk management no longer suffices and explores how greater visibility and collaboration can help organisations navigate today’s complex, high-stakes environment.

In 2024, security researchers discovered undocumented cellular radios embedded in Chinese-made solar inverters. These devices had already been installed at scale across residential rooftops and commercial power systems worldwide. The implications were immediate and alarming: compromised hardware capable of destabilising power grids remotely, in peacetime or conflict, at the flick of a switch.

This revelation raises more than just a technical concern. It demonstrates just how easily global supply chain dependencies could impact national security. Much like the pandemic exposed vulnerabilities in our reliance on foreign-made medicines and protective equipment, the solar inverter incident acts as a stark reminder that critical infrastructure is only as resilient as the systems, services and suppliers behind it.

In this article we explore how over-dependence on strategically important suppliers, not least from China, has created a fragile global network of supply chain dependencies that could present sources of vulnerabilities, exploitation, and coercion. We also examine why, in this new environment, traditional third-party risk management – the practice of assessing and monitoring the security and reliability of external suppliers and service providers – is no longer fit for purpose, and how new visibility, mapping, and collaboration tools can help nations and companies chart a more secure path.

The Dependency Dilemma

For decades, globalisation promised efficiency. Production moved offshore, costs dropped, and industries thrived. Today, however, that same interconnectedness has become a point of strategic exposure, especially as geopolitical tensions rise and nations adopt de-risking policies in response.

China is at the heart of this dilemma. It controls around 60% of global semiconductor packaging, 90% of rare earth elements, and 80% of the world’s solar panel manufacturing. 60% of global chip testing and assembly also takes place in China; 70% of lithium-ion battery capacity is China-based; and 95% of the world’s polysilicon supply is controlled by Chinese entities. 

This degree of concentration would be concerning even under stable geopolitical conditions. But in today’s increasingly fractured and hostile landscape, it’s perilous. As the global order shifts from global interdependence to trade wars, sanctions, and mounting geopolitical strife, the wisdom of concentrating critical supply chains in one jurisdiction has come under fresh scrutiny. Dependency, once seen as an acceptable trade-off, is now a liability.

How China Controls the Technologies That Power Modern Nations


It is easy to speak in abstractions about Chinese dominance in global supply chains, but the reality is far more tangible and far-reaching. In sector after sector, the technologies powering societies, economies and national security are built on components, materials, and systems that pass through Chinese-controlled entities or production processes. From the inverters regulating the flow of electricity in hospitals and data centres, to the rare earth magnets steering missiles and medical scanners, China’s imprint is not just present - it has become pervasive. The following examples illustrate just how much this dominance is woven into the very fabric of modern infrastructure, defence, and communications.

Critical Infrastructure

Across Europe and North America, Chinese firms supply key technologies and components for power grids, telecommunications, transport, and water systems, which underpin everything from emergency healthcare to financial markets. As noted above, Chinese-manufactured inverters and batteries have already been deployed in energy grids across the United Kingdom, the European Union, and the United States. These devices - essential for converting and managing electricity from renewable sources - are overwhelmingly produced by a handful of Chinese companies, with Huawei alone accounting for nearly 30% of global inverter shipments as of 2022. These components sit at the centre of vital systems, including hospitals, airports, and data centres. In 2023, it was estimated that over 10% of large power transformers newly installed in the US grid originated from Chinese manufacturers, with some utilities relying on Chinese suppliers for up to 20% of their critical grid components. Even less visible components, such as industrial control system chips, sensors, and software used in water treatment plants, rail signalling, and airport operations, are often sourced from Chinese supply chains.

Military Supply Chains

Modern defence systems also depend on components that originate from Chinese factories. Semiconductors used in avionics, batteries for autonomous systems, and rare earth elements required for sensors and communications all form part of a complex web of supply chain exposure. Several military contractors have already reported difficulty sourcing high-assurance chips that do not rely on Chinese subcontractors, revealing a deep and unresolved risk in procurement. According to the 2025 National Security Scorecard, meanwhile, nearly one in ten Tier 1 suppliers - direct subcontractors providing essential components for major US defence programmes - are Chinese firms, with the figure rising to 11.1% in missile defense and 7.8% in nuclear systems. The Department of Defense also relies on Chinese supply chains for components used in 1,900 weapon systems, encompassing over 80,000 individual parts - a vulnerability that affects 78% of all US military weapon systems. Critical minerals such as antimony, gallium, germanium, tungsten, and tellurium—materials dominated by Chinese production—are essential to everything from Navy destroyers to nuclear missiles. 

Telecommunications Network Penetration

Telecommunications infrastructure has proven especially vulnerable. Despite public warnings, equipment from Huawei and ZTE continues to support 5G networks in many countries. Security agencies have already documented cyber-espionage campaigns that exploited firmware and hardware vulnerabilities within this equipment, giving attackers access to government and corporate data. Notable examples include the Cloudhopper intrusions by APT10 and more recent campaigns involving software-defined networking platforms. 

Consumer Electronics and Smart Devices

From smartphones, laptops, and routers to smart home devices, Chinese manufacturers dominate the assembly and supply of critical hardware and embedded firmware. This raises concerns not only about data privacy and intellectual property theft, but also about the potential for remote exploitation or sabotage at scale.

Automotive Industry Dependence

The rapid electrification of vehicles has only deepened reliance on Chinese supply chains. China controls the majority of global lithium-ion battery production, as well as the processing of key minerals like cobalt and graphite. As a result, automakers in Europe and North America face acute vulnerabilities should geopolitical tensions disrupt access to these essential components.

Renewable Energy Technologies

China’s dominance in the production of solar panels, wind turbine components, and energy storage systems has shaped the global transition to renewables. With over 80% of the world’s photovoltaic panels and the vast majority of polysilicon supply originating in China, efforts to decarbonise are now tightly coupled to Chinese manufacturing capacity and policy decisions.

The Price of Dependence: What Nations Stand to Lose

As the above demonstrates, the growing dominance of Chinese suppliers across critical sectors means that any disruption could have severe consequences for economies, national defence systems, and public infrastructure. Let’s look more closely at the possible fallout in each domain if China were to decide to actively weaponise this dominance.

Economic Disruption

Sudden export restrictions or sanctions involving Chinese suppliers could instantly trigger global shortages of critical components, including semiconductors, pharmaceutical precursors, or rare earths. These disruptions would likely cause price spikes and supply shocks that ripple through multiple industries, undermining growth and increasing inflation.

Yet another risk is cyber attacks on financial infrastructure. Hackers with clear links to China have already shown their ability and intention to target banks, stock exchanges, and payment systems, and as such, a well-executed attack could cause potentially devastating economic impacts.

Military Disruptions

The presence of foreign-sourced components in weapons systems raises the possibility of built-in vulnerabilities or delayed sabotage. Beyond backdoors, China could also weaponise its position by restricting rare earths essential for missile production or aerospace systems. That would delay maintenance cycles, weapon delivery, and defence readiness.

Societal Impacts

Disruptions to telecommunications, energy, or water infrastructure could lead to widespread blackouts and communication failures. These consequences would affect not only public safety but also the ability of governments to respond to emergencies. Public health could also suffer from shortages of medical equipment and drugs, many of which still rely on overseas manufacturing.

Widespread economic hardship, including inflation and job losses, could further destabilise communities, especially in countries with limited domestic manufacturing capacity. Were this to happen, and were the general public to lose faith in the safety and reliability of essential services, the political consequences would be paradigm-shifting.

From Dependency to Exposure: The New Threat Landscape

The modern supply chain is no longer just a marvel of logistics and efficiency. It has become a sprawling, opaque web where vulnerabilities hide and adversaries thrive. The problem is not simply that we rely on foreign suppliers, but that the nature of risk itself has changed - quietly, and in ways that most boardrooms have yet to fully grasp.

Today, the threat is as likely to arrive through a software update or a firmware backdoor as it is through a missed shipment or a trade embargo. The solar inverter episode is a case in point: a reminder that the true danger lies not in the visible, but in the hidden. The undocumented communication modules that were discovered, including cellular radios hidden inside these inverters and battery systems, create covert channels that can bypass firewalls and network segmentation, enabling remote access and control by outside actors. Such access could allow adversaries to simultaneously disable or manipulate numerous devices, potentially triggering cascading power outages across multiple states and disrupting vital services.

This is the uncomfortable reality of the dependencies created during the period of globalisation, outsourcing and offshoring. To secure our supply chains and reduce vulnerabilities to malicious exploitation of these dependencies, we must first accept that the ground has shifted beneath our feet. The challenge is no longer about efficiency or cost, but about resilience in the face of threats that are systemic, strategic, and increasingly sophisticated. The era of benign global interdependence is over. What comes next will demand a new kind of vigilance - one that looks beyond the obvious.

Why Traditional Supply Chain Risk Management Falls Short

Equally, the old assumptions - that supply chain risk can be managed with annual third-party audits, supplier questionnaires, and a focus only on the first tier, i.e. direct suppliers - are dangerously outdated. The adversaries have changed, and so have their methods. They exploit complexity, obfuscate origins, and target the weakest links - often those that sit far beyond the reach of conventional oversight.

These legacy third-party risk management (TPRM) methods were simply not designed for today’s environment, and as a result most TPRM programmes struggle to cope with the scale and complexity of the new challenges we face.

The main shortcomings of these outdated models include, among others:

1. Insufficient Geopolitical Awareness
Many organisations assess risk purely via regulation or finance, and fail to consider broader geopolitical dynamics. In particular, developments in trade policy, sanctions, or regional conflict tend to be excluded from the risk register, even though they directly impact supplier availability and trustworthiness.

2. Blind Spots in Multi-Tier Dependencies
Organisations tend to assess only their direct suppliers. However, a compromised component can be introduced far down a supplier’s own supply chain. Without full visibility into the fourth, fifth, or nth tier, these threats remain hidden until they are exploited.

3. Obscured Country-of-Origin Chains
Chinese manufacturers increasingly re-route exports through Southeast Asia to obfuscate their origin. A server might appear Malaysian on paper, but critical firmware or chips are often still sourced from China.

4. Static and Siloed Processes
Risk assessments are often conducted once per year and are siloed between teams. It is impossible for such a model to keep pace with a threat environment that evolves each day. 

5. Underestimation of Strategic and Systemic Risks
Most frameworks fail to account for the possibility of deliberate disruption by a hostile state. Scenarios involving embargoes, cyber sabotage, or coordinated trade restrictions are rarely modelled or tested, leaving organisations unprepared for cascading failures should such events occur.

6. Poor Due Diligence on New Suppliers
In efforts to reduce dependence on China, companies may onboard new suppliers in haste, without sufficiently robust due diligence. This creates new exposures, including the possibility of hidden connections to high-risk jurisdictions or unverified production methods.

The Path Forward: Building Resilience Through Enhanced Visibility and Collaboration

Risk Ledger addresses many of these challenges by giving organisations a platform that goes beyond compliance and builds real operational insight.

Deep Multi-Tier Visibility

Using a network-based approach, Risk Ledger allows companies to visualise their full supply chain, including fourth, fifth, and even deeper-tier connections. This level of visibility makes it possible to uncover hidden dependencies that are not apparent in standard vendor lists.

Concentration Risk Identification

The platform identifies supplier concentration risks, both those facing individual organisations in any tier of their supply chain and systemic concentration risks to entire industries, enabling organisations to understand where potential single points of failure might reside. This helps mitigate the risk of sudden disruptions caused by conflict, policy change, or sanctions.

Continuous Risk Monitoring

Risk Ledger delivers continuous updates about changes in supplier risk profiles, including cyber security incidents or compliance lapses. This dynamic monitoring ensures that companies respond to threats as they emerge, rather than after the damage is already done.

Collaborative Supplier Engagement

The platform encourages direct engagement with suppliers and with industry peers. Organisations can request documentation, raise concerns, and track remediation activities in one central location. This enables better transparency, especially when production shifts across borders.

Actionable Insights

With intuitive dashboards and reporting, the platform enables decision-makers to simulate disruptions, assess impact, and make informed choices around reshoring, supplier diversification, or regional sourcing.

Conclusion

The geopolitical landscape is shifting, and with it, the risks embedded deep within global supply chains. What once served as an engine of growth now exposes nations and organisations to strategic vulnerabilities that cannot be managed with legacy approaches. Checkbox assessments and shallow supplier audits no longer provide the assurance needed in this environment.

Building true resilience means gaining visibility far beyond immediate vendors, understanding where dependencies lie, and acting on that insight before disruptions occur. Risk Ledger helps organisations move from reactive risk management to proactive, intelligence-led decision making, strengthening not only operational resilience but also national and economic security in the process.
