WEBVTT - RedLock CISO: China Chip Hack May Be Just The Beginning 0:00:05.800 --> 0:00:08.720 Welcome to the Bloomberg P and L Podcast. I'm pim Fox. 0:00:08.760 --> 0:00:11.520 Along with my co host Lisa Bramowitz. Each day we 0:00:11.640 --> 0:00:15.120 bring you the most important, noteworthy, and useful interviews for 0:00:15.200 --> 0:00:17.840 you and your money, whether you're at the grocery store 0:00:17.960 --> 0:00:20.720 or the trading floor. Find the Bloomberg P M L 0:00:20.840 --> 0:00:30.760 Podcast on Apple Podcasts, SoundCloud, and Bloomberg dot com. Vice 0:00:30.800 --> 0:00:34.520 President Pence has been speaking at the Husband Institute in Washington, 0:00:34.680 --> 0:00:38.320 d C. Among his comments, he said that Chinese security 0:00:38.360 --> 0:00:43.680 agencies have masterminded the wholesale theft of American technology, including 0:00:43.720 --> 0:00:48.159 cutting edge military blueprints. Of course, this is incredibly relevant, 0:00:48.240 --> 0:00:51.640 especially in light of the blockbuster Bloomberg business Week story 0:00:51.640 --> 0:00:55.880 that just came out talking about a micro chip implanted 0:00:56.000 --> 0:00:59.640 in computer motherboards that were used in everything from the 0:00:59.640 --> 0:01:03.240 pencil Gone to Amazon to Google. Joining us now is 0:01:03.280 --> 0:01:06.920 Matt Chiot, vice president chief information security officer at Redlock 0:01:07.240 --> 0:01:10.200 in Philadelphia. Matt, I want to just start with that 0:01:10.280 --> 0:01:14.240 story reported by Bloomberg business Week. Are you concerned reading 0:01:14.280 --> 0:01:17.600 that that China has gotten access to the to our 0:01:17.640 --> 0:01:20.480 biggest technology companies in the United States as well as 0:01:20.480 --> 0:01:24.120 potentially the military. You know, absolutely, I think that this 0:01:24.240 --> 0:01:27.959 story right now. Mindly, all of this is allegedly reportedly. 0:01:28.120 --> 0:01:31.040 But if what is being reported is true, this could 0:01:31.080 --> 0:01:36.640 be very, very dangerous. Why Well, it could be dangerous 0:01:36.640 --> 0:01:38.679 for a number of reasons, but number one, most of 0:01:38.720 --> 0:01:41.720 the time when we talk about cyber security, we're talking 0:01:41.720 --> 0:01:46.160 about software based hacks. In this specific incident, we're talking 0:01:46.160 --> 0:01:49.800 about hardware. Hardware hacks are really ever talked about. It's 0:01:49.840 --> 0:01:52.720 usually just something that has talked about as being theoretical, 0:01:52.840 --> 0:01:55.720 something that could happen. If this did in fact happen, 0:01:55.960 --> 0:01:59.320 we need to remember that allegedly, these chips are so 0:01:59.480 --> 0:02:02.200 small that they can barely be seen by the human eye. 0:02:02.520 --> 0:02:05.400 And what happens is with these chips, allegedly is that 0:02:05.640 --> 0:02:09.360 they allow code to be inserted into the operating system 0:02:09.600 --> 0:02:12.560 that's running on top of this hardware. This could let 0:02:12.639 --> 0:02:17.600 somebody do any number of things, including potentially expilter, expiltate data, 0:02:17.960 --> 0:02:21.880 or do other things perhaps far more Nefaria matt As, 0:02:21.960 --> 0:02:27.160 the Chief Information Security Officer of Redlock and previously the 0:02:27.240 --> 0:02:30.600 head of Cloud Security and Global Head of Cloud Security 0:02:30.720 --> 0:02:35.960 at Cognizant Technology Solutions. If you received a telephone call, 0:02:36.080 --> 0:02:41.560 in email, a communication from a client asking what should 0:02:41.639 --> 0:02:45.200 I do? What would you say as a result of 0:02:45.280 --> 0:02:48.960 this revelation. The first thing that we would advise them 0:02:49.000 --> 0:02:51.880 to do is to begin start looking at as part 0:02:51.880 --> 0:02:54.960 of their third party risk management program to ensure that 0:02:55.000 --> 0:02:58.160 they are actually looking at the security of the hardware. 0:02:58.919 --> 0:03:01.560 I have been in many differ and corporate security programs, 0:03:01.639 --> 0:03:04.560 in very very few of them actually look at the 0:03:04.600 --> 0:03:09.040 security of the hardware. It's usually implicitly trust. In right, 0:03:09.120 --> 0:03:12.160 the chip comes from manufacturer X, I don't even look 0:03:12.200 --> 0:03:13.760 at it. I just trust that it will be there 0:03:13.840 --> 0:03:18.919 securely in just directly, how do you do this? How 0:03:18.919 --> 0:03:20.399 do you do it? I mean, do you actually take 0:03:20.440 --> 0:03:22.840 the box apart and look at the original design and 0:03:22.880 --> 0:03:27.280 match what's there with the original design. Most corporate security 0:03:27.280 --> 0:03:29.800 programs do not have the technical resources to do this. 0:03:30.240 --> 0:03:33.920 What's been reported, especially back in right with Amazon Web 0:03:33.960 --> 0:03:37.280 Services that allegedly found this, they actually didn't even have 0:03:37.400 --> 0:03:41.160 the expertise. Allegedly, they sourced this out to a hardware 0:03:41.200 --> 0:03:44.000 security firm that found this. Right, and we need to 0:03:44.000 --> 0:03:46.680 give major kudos to AWS for finding this if in 0:03:46.720 --> 0:03:49.680 fact this is true. Um apportedly they were the only 0:03:49.680 --> 0:03:51.360 ones that found this, and then of course this went 0:03:51.400 --> 0:03:54.240 to other companies, but absolutely if somebody called me today 0:03:54.240 --> 0:03:56.760 and they were asking what should we do, they need 0:03:56.760 --> 0:04:00.280 to immediately invoke a hardware security firm, because more than 0:04:00.360 --> 0:04:03.840 likely they do not have this expertise in house. I 0:04:03.880 --> 0:04:06.880 guess one thing that I'm struck by is what don't 0:04:06.960 --> 0:04:09.520 we know as far as what's been hacked and what 0:04:09.880 --> 0:04:13.160 has already um, you know, been infiltrated in some way 0:04:13.280 --> 0:04:16.200 or another. I mean, do you think that the sort 0:04:16.240 --> 0:04:19.520 of infiltration not just by China but other foreign nations 0:04:19.600 --> 0:04:23.360 as well, into US check is much broader than people 0:04:23.400 --> 0:04:26.720 could ever begin to imagine? Well, you have to remember, right, 0:04:26.760 --> 0:04:29.599 I mean we're talking about super micro, a legendly right, 0:04:29.640 --> 0:04:33.080 this is the company that supposedly the People's Liberation Army 0:04:33.360 --> 0:04:38.560 of China supposedly infiltrated. They produce a great number of 0:04:38.600 --> 0:04:42.440 the world's motherboards, right, I remember motherboards there in everything 0:04:42.560 --> 0:04:45.000 right there, and everything from m r s too, special 0:04:45.000 --> 0:04:48.440 purchase computers to weapons systems. We don't know at this 0:04:48.520 --> 0:04:52.279 time how how many systems this actually got into, but 0:04:52.360 --> 0:04:54.680 if it did, we have got some very serious things 0:04:54.680 --> 0:04:58.200 to look at in the coming days. What kinds of 0:04:58.440 --> 0:05:02.760 effort do you believe that the private sector has already implemented, 0:05:02.839 --> 0:05:06.120 if any, in order to work with the US government 0:05:06.480 --> 0:05:11.240 to prevent these kinds of infiltrations at this time. I mean, 0:05:11.279 --> 0:05:14.799 from what I have seen, again, most corporate security programs 0:05:15.080 --> 0:05:18.960 really don't have much expertise when it comes to hardware security. 0:05:19.279 --> 0:05:20.880 I think what we're going to see in the coming 0:05:20.960 --> 0:05:23.520 days and months is that there will be probably an 0:05:23.520 --> 0:05:26.240 expansion and I think just the public interest in this 0:05:26.600 --> 0:05:29.719 because you know, this goes very broad right again, computers 0:05:29.800 --> 0:05:34.200 run everything these days, from voting machines right to mobile phones, 0:05:34.360 --> 0:05:37.360 et cetera. It's going to get very very broad and 0:05:37.520 --> 0:05:40.080 right now. You know, again, it's been reported that this 0:05:40.160 --> 0:05:43.160 is still part of an ongoing top secret probe. So 0:05:43.200 --> 0:05:45.039 we may not get a lot of answers now, but 0:05:45.080 --> 0:05:47.200 I can guarantee you in the coming days, this is 0:05:47.240 --> 0:05:49.440 something that's going to have a lot of attention, just 0:05:49.480 --> 0:05:52.800 like election security. Matt, just real quick here, I'm wondering, 0:05:52.839 --> 0:05:55.000 do you think that the US has the capacity to 0:05:55.839 --> 0:05:58.599 generate to produce some of the parts necessary and motherboards 0:05:58.680 --> 0:06:02.320 necessary for our computers. I think we do. We definitely 0:06:02.360 --> 0:06:04.960 have the technology to do it. Now. Again, we're talking 0:06:04.960 --> 0:06:08.400 about output the ability to manufacture this. That could take 0:06:08.440 --> 0:06:10.960 a while for that to come online. But I think 0:06:11.040 --> 0:06:12.640 you know the other thing that's really important here, and 0:06:12.640 --> 0:06:14.880 I guess this just might be the bottom line for this. 0:06:15.279 --> 0:06:17.760 You need to remember motherboards, these kind of chips. They're 0:06:17.760 --> 0:06:20.880 in everything from voting machines to mobile phones and m ris. 0:06:21.320 --> 0:06:24.960 And again this was only once talked about as being hypothetical, 0:06:25.200 --> 0:06:28.200 but now allegedly it's become a reality. So companies need 0:06:28.240 --> 0:06:31.600 to immediately step up their third party risk management programs 0:06:31.839 --> 0:06:34.680 and to begin to really dig deeply into not only 0:06:34.960 --> 0:06:38.280 software development, but now hardware as well. I really sure 0:06:38.320 --> 0:06:41.080 that this is only the beginning. Thank you very much 0:06:41.160 --> 0:06:44.360 for being with us. Matt Chiandi is the vice president 0:06:44.400 --> 0:06:49.360 and chief information security officer for Redlock. They are based 0:06:49.440 --> 0:06:54.920 in Philadelphia, and the topic is hacking and infiltration of 0:06:55.000 --> 0:07:10.320 hardware systems in the United States. The topic is trade 0:07:10.560 --> 0:07:14.239 and the effect on the industry that brings you many 0:07:14.440 --> 0:07:18.080 of the products that you enjoy, such as shoes and 0:07:18.240 --> 0:07:22.360 clothing and various apparel items. Because the final tariff list 0:07:22.440 --> 0:07:25.040 that the President Donald Trump's has put together along with 0:07:25.120 --> 0:07:30.560 his trade representative for China includes textiles and many of 0:07:30.600 --> 0:07:32.840 the products that are used in the United States that 0:07:32.920 --> 0:07:36.200 then go into various types of apparel. Here to help 0:07:36.280 --> 0:07:39.160 us understand the topic is Edward Hertzman. He is the 0:07:39.200 --> 0:07:43.080 founder and the president of Sourcing Journal. Edward, thanks very 0:07:43.160 --> 0:07:46.240 much for coming into the studio. Can you just describe 0:07:46.280 --> 0:07:50.240 for people the role that China plays currently in the 0:07:50.360 --> 0:07:55.400 supply chain for let's say the apparel industry. Well, China 0:07:55.560 --> 0:08:00.480 is has a huge role in the apparel and footwear 0:08:00.480 --> 0:08:03.520 industry here in America. Just to put it roughly into 0:08:03.520 --> 0:08:07.160 some numbers, about thirty three of apparel coming into this 0:08:07.240 --> 0:08:11.160 country is manufactured in China, and about fifty to sixty 0:08:11.280 --> 0:08:14.080 percent the numbers could even be closer to seventy this 0:08:14.160 --> 0:08:17.560 year of all footwear imported into America are coming out 0:08:17.560 --> 0:08:22.200 of China. UM if twenty billion dollars of apparel came 0:08:22.240 --> 0:08:25.000 from China this past year. In two thousand and seventeen, 0:08:25.840 --> 0:08:28.520 UH India, which is also a mega player in the market, 0:08:28.920 --> 0:08:33.840 UH exported four point five billion into America. So that 0:08:33.880 --> 0:08:36.199 shows you how vast of a difference and how large 0:08:36.200 --> 0:08:39.000 of an advantage China has in this market. So I 0:08:39.080 --> 0:08:41.040 just before we get into some of the recent trade 0:08:41.040 --> 0:08:43.680 agreements that we've struck. I'm wondering the tariffs that we've 0:08:43.720 --> 0:08:49.080 seen so far implemented, UH, particularly in this space on China, 0:08:49.400 --> 0:08:53.559 do you expect those to reduce the proportion of apparel 0:08:53.720 --> 0:08:57.200 and footwear that comes here from China. Well as it 0:08:57.280 --> 0:09:00.280 stands today, UM, the majority of the tower that have 0:09:00.360 --> 0:09:04.040 been put into place are not affecting apparel and footwear. 0:09:04.360 --> 0:09:07.600 The concern that that the industry has is that UM, 0:09:07.720 --> 0:09:10.439 the next round which he is threatening of two hundred 0:09:10.600 --> 0:09:14.280 seventy five billion, which would basically include all five million 0:09:14.320 --> 0:09:16.720 plus five hundred billion plus coming out of China, would 0:09:16.760 --> 0:09:20.200 have to include at that point apparel and footwear, and therefore, 0:09:20.840 --> 0:09:25.120 UM people are scrambling to figure figure out contingency plans. UM. 0:09:25.200 --> 0:09:27.960 The harsh reality here is, since China has so much 0:09:28.000 --> 0:09:30.920 market share and it's such a vertically integrated country, meaning 0:09:30.960 --> 0:09:33.920 that they not only sold the garments, they produced the fibers, 0:09:33.920 --> 0:09:36.640 the fabric, you know, the raw materials, it's gonna be 0:09:36.760 --> 0:09:39.959 very very difficult for people to move and a short 0:09:40.000 --> 0:09:41.680 period of time and even in a long period of 0:09:41.679 --> 0:09:44.840 time to these outside countries, just because whether it's Vietnam 0:09:45.040 --> 0:09:47.400 or in the year, or Pakistan or Cambodia. They just 0:09:47.440 --> 0:09:51.040 don't have the capacity available to to make up the 0:09:51.120 --> 0:09:53.760 market share that China has, and there's gonna be baked 0:09:53.760 --> 0:09:56.600 in inflation into the system. So well as a rush 0:09:56.600 --> 0:10:01.280 to these countries. Being that there's limited capacity, they these 0:10:01.320 --> 0:10:04.040 countries are going to charge more money and therefore, whether 0:10:04.080 --> 0:10:06.800 it's China or another country, the prices are going to 0:10:06.840 --> 0:10:09.720 go up at the factory level. In looking at things 0:10:09.920 --> 0:10:12.960 like air freight demand global air freight, what is the 0:10:13.000 --> 0:10:17.360 trend right now? Well, you know, speed to market has 0:10:17.360 --> 0:10:19.400 been top of mind for everyone right now. You know, 0:10:19.400 --> 0:10:22.520 we like the study models like Indie TEGs, Era, and 0:10:22.559 --> 0:10:24.800 what makes them so successful is their ability to get 0:10:24.800 --> 0:10:28.719 goods into the market very quickly, reduce inventory liability, get 0:10:28.720 --> 0:10:31.679 goods into the market quickly. That allows them to react 0:10:32.480 --> 0:10:34.760 if things are working, and if it's not working, their 0:10:34.800 --> 0:10:37.440 inventory liability is less as it's not as you know, 0:10:37.480 --> 0:10:40.040 it's not as large. So one of the trends that 0:10:40.080 --> 0:10:44.040 we're seeing is while it's more expensive upfront air allows 0:10:44.120 --> 0:10:46.040 us to react very quickly. We don't have to wait 0:10:46.080 --> 0:10:49.079 for a you know, a twenty day boat to get 0:10:49.120 --> 0:10:52.199 stuff in, So it's we're seeing more of a trend 0:10:52.400 --> 0:10:55.440 as it applies to speed to market. Um, people are 0:10:55.520 --> 0:10:57.959 trying to utilize that as a means to get product 0:10:58.040 --> 0:10:59.920 in quicker. All right, So let's let's get to the 0:11:00.240 --> 0:11:04.040 trade agreement that we recently struck with Mexico, the US 0:11:04.160 --> 0:11:07.160 and Canada. Uh. Some people are saying their aspects of 0:11:07.160 --> 0:11:09.679 it that are more free trade act parts of it 0:11:09.720 --> 0:11:13.040 that are more protectionist. Where do you stand? What do 0:11:13.080 --> 0:11:16.959 you think the retail industry will stand when this all 0:11:17.000 --> 0:11:21.040 shakes out, will be in a better position or worse? So, UM, 0:11:21.080 --> 0:11:23.920 there's a pro and eicon to this recent agreement. So 0:11:23.960 --> 0:11:26.720 it's now no longer NAFTA, it's the U S m 0:11:26.760 --> 0:11:32.400 c A, the United States Mexico. I can't. I can't 0:11:32.400 --> 0:11:34.760 get this acronym down U S m c A. So 0:11:34.960 --> 0:11:38.320 United States, Mexico China agreement. I think that's I think 0:11:38.360 --> 0:11:41.760 that's it, UM on a on a high level. The 0:11:41.760 --> 0:11:44.880 the the positive is that it shows that Trump is 0:11:44.920 --> 0:11:48.360 not completely against global trade policy and global trade. So 0:11:48.520 --> 0:11:50.800 he is, you know, maybe the bark is a little 0:11:50.800 --> 0:11:53.080 bit bigger than the bite. He did not completely dismantle 0:11:53.120 --> 0:11:56.719 this agreement. But if we get into the nuances of it. UM. 0:11:56.840 --> 0:11:58.480 There's a little bit that we have to we have 0:11:58.520 --> 0:12:00.640 to realize here is that he's changed aaging some of 0:12:00.720 --> 0:12:04.320 the conditions of the agreement. So if you're manufacturing, and 0:12:04.320 --> 0:12:07.680 it's really going to impact auto and apparel the most. 0:12:08.000 --> 0:12:13.320 So if you're looking at the apparel industry, UM, the sewing, thread, 0:12:13.480 --> 0:12:16.320 the pockets, the fabric all have to come from one 0:12:16.400 --> 0:12:18.880 of the countries that are part of this agreement. And 0:12:18.960 --> 0:12:22.760 if we look at Mexico largely it's a CMT based country, 0:12:23.000 --> 0:12:25.280 a lot of the fabric or or components may be 0:12:25.360 --> 0:12:28.760 imported in stitch there and then sewn into America. So 0:12:28.800 --> 0:12:30.959 the question that a lot of people have is, well, 0:12:31.000 --> 0:12:33.600 how quickly can a country like this become vertical? How 0:12:33.679 --> 0:12:37.880 much of its UM accessories and inputs are they getting 0:12:37.880 --> 0:12:40.760 from China UM, So, how much will be business as 0:12:40.880 --> 0:12:42.679 usual and how much will be a scrambled to figure 0:12:42.679 --> 0:12:45.880 out how to continue importing the goods into this country 0:12:46.040 --> 0:12:50.880 duty free. In that same context, is it possible that 0:12:51.040 --> 0:12:55.240 Mexico has the technology, the workforce, and the infrastructure to 0:12:55.320 --> 0:12:58.960 let's say, be a much bigger player in the footwear industry? Well? Yes, 0:12:59.000 --> 0:13:02.440 I mean apps really they have the workforce, they have 0:13:02.559 --> 0:13:06.880 the skill set. UM. A company like Flex who works 0:13:06.880 --> 0:13:10.960 with Nike has a factory there, you know they're they're 0:13:11.000 --> 0:13:14.640 really leading the charge in some of the automation UM 0:13:14.679 --> 0:13:17.839 in the footwear space. The question is not if, The 0:13:17.960 --> 0:13:21.280 question is when and how quickly can can these countries 0:13:21.760 --> 0:13:26.080 um position themselves to to be a larger player. And 0:13:26.200 --> 0:13:28.679 if something happens in China or if if there is 0:13:29.080 --> 0:13:32.439 a larger impact with Mexico, um, there is going to 0:13:32.520 --> 0:13:34.840 be a period of time where there will be uh 0:13:35.040 --> 0:13:38.000 a lot of chaos happening, because nothing happens overnight in 0:13:38.000 --> 0:13:40.680 this industry. Just I'd love to get your thoughts quickly 0:13:40.840 --> 0:13:44.600 on just in general. Given President Trump's current positions on trade, 0:13:45.240 --> 0:13:48.360 imposing tariffs, and given the precedent that we have with 0:13:48.400 --> 0:13:51.840 this new agreement with North America, do you think that 0:13:51.880 --> 0:13:54.479 things are going to get substantially harder and more expensive 0:13:54.559 --> 0:13:58.959 for retailers just based on the supply chains. Absolutely, there's 0:13:59.000 --> 0:14:03.760 no way around it. So you know, there's there's there's 0:14:03.800 --> 0:14:07.480 not an anonymous agreement on this, but most of us 0:14:07.520 --> 0:14:12.480 believe that he will impose the balance two billion in tariffs, 0:14:12.520 --> 0:14:15.520 which therefore will impact all apparel and textile coming out 0:14:15.520 --> 0:14:20.040 of China. If that's the case, um anywhere from prices 0:14:20.040 --> 0:14:22.200 of goods in order to maintain the current margin and 0:14:22.280 --> 0:14:25.560 retail will have to go up ten to just to 0:14:25.640 --> 0:14:29.800 keep the status quo. Companies like UM, Walmart, and Gap 0:14:29.840 --> 0:14:32.440 have already been public in saying that they're going to 0:14:32.480 --> 0:14:35.920 have to raise prices in order to uh, you know, 0:14:36.000 --> 0:14:40.000 incorporate these increased tariffs, you know, especially for lower margin 0:14:40.120 --> 0:14:43.280 retailers and brands. There's no way around it. Edward Hurtsman, 0:14:43.320 --> 0:14:45.120 thank you so much for being with us. Thank you. 0:14:56.240 --> 0:15:01.280 Chinese hackers have implanted tiny micro chip since servers that 0:15:01.440 --> 0:15:04.400 made their way into the data centers of some of 0:15:04.400 --> 0:15:08.920 the world's biggest companies, including Amazon and Apple. It's all 0:15:08.960 --> 0:15:13.040 according to an investigation that was conducted by Bloomberg business Week, 0:15:13.440 --> 0:15:17.040 and it's important to note that in emailed statements, Amazon, Apple, 0:15:17.200 --> 0:15:20.040 and another company mentioned in this story, super Micro, have 0:15:20.120 --> 0:15:25.120 disputed summaries of Bloomberg BusinessWeek's reporting. Here to tell us 0:15:25.160 --> 0:15:29.000 more about this story is Jeremy Keen, Bloomberg editor. Jeremy, 0:15:29.080 --> 0:15:31.680 thank you very much for joining us. Can you maybe 0:15:31.720 --> 0:15:37.960 describe for our listeners the genesis of this story certainly 0:15:38.200 --> 0:15:41.680 UM so Jordan Robertson and Michael Riley, who report on 0:15:41.800 --> 0:15:46.880 cybersecurity for US out of Washington. They starting with the tip, 0:15:47.080 --> 0:15:51.800 they began researching the story, pursuing lead's they talked to. 0:15:52.920 --> 0:15:56.680 Eventually the number reached into the triple figures, more than 0:15:56.720 --> 0:16:00.200 a hundred people they spoke to, and then a core 0:16:00.240 --> 0:16:04.200 group of about seventeen UM people who gave us a 0:16:04.280 --> 0:16:08.400 window into the story. So let's talk about what the 0:16:08.440 --> 0:16:13.280 actual issue is. There was a micro chip that some 0:16:13.360 --> 0:16:18.400 of these big tech companies found in happenstance, Yes, tell 0:16:18.440 --> 0:16:21.640 us about that. Well, so you know, most people, I 0:16:21.640 --> 0:16:25.240 think are used to hearing about software hacking, where you know, 0:16:25.320 --> 0:16:28.520 people use code to to get data out of out 0:16:28.520 --> 0:16:31.880 of places, And this story is more about the technology 0:16:31.920 --> 0:16:37.800 supply chain and how UM official sources tell us that 0:16:37.880 --> 0:16:41.560 they UM that they were able to at the factory 0:16:41.640 --> 0:16:45.240 level get a small micro chip into a server motherboard 0:16:46.080 --> 0:16:50.440 operated at plants that were subcontractors to an American company 0:16:50.640 --> 0:16:53.400 they being China. That China was able to sort of 0:16:53.800 --> 0:16:59.120 get this micro chip into the motherboard right, and then people, 0:16:59.320 --> 0:17:01.360 this is a very This company sells a lot of 0:17:01.360 --> 0:17:05.480 server motherboards it goes into servers and those go into 0:17:05.560 --> 0:17:11.000 data centers UM for for clouds uh. In this case, 0:17:11.320 --> 0:17:13.520 a video streaming company was one of the ones that 0:17:13.560 --> 0:17:17.280 we focused on UM and then into the data centers 0:17:17.320 --> 0:17:19.760 run by larger entities, all right, Just to try to 0:17:19.800 --> 0:17:23.960 condense it, just at least from my mind. In Amazon 0:17:24.080 --> 0:17:27.320 was looking to take over a company called Elemental Technologies, 0:17:27.400 --> 0:17:30.360 and as part of the due diligence that they were 0:17:30.400 --> 0:17:33.840 doing to make this acquisition, they're based in Portland. This 0:17:34.000 --> 0:17:40.320 is Elemental, they had to ship some of the servers 0:17:40.359 --> 0:17:43.159 that the company used that was supplied by a company 0:17:43.200 --> 0:17:46.520 called super Micro or super micro Computer. They're based in 0:17:46.560 --> 0:17:49.280 San Jose. They take these servers they shipped into a 0:17:49.359 --> 0:17:52.040 third party to do an investigation, and what they find 0:17:52.200 --> 0:17:54.960 on the board on the motherboard here for these servers 0:17:55.359 --> 0:17:57.639 is a chip that was not part of the original design, 0:17:57.760 --> 0:18:02.560 right exactly, yes, And what does this chip allow whoever 0:18:02.640 --> 0:18:05.840 put it there? In this case, we maintain the Chinese 0:18:06.480 --> 0:18:09.280 what does it allow you to do? So I want 0:18:09.280 --> 0:18:11.400 to be clear that it's not that we're saying that 0:18:11.920 --> 0:18:14.600 there's evidence that user data was taken or anything like that, 0:18:14.640 --> 0:18:18.080 but they what it does, is it gives them deep 0:18:18.200 --> 0:18:20.720 level access to a computer. So at the at the 0:18:20.840 --> 0:18:25.400 level where UM an administrator might be able to access 0:18:25.440 --> 0:18:29.479 the system, that's what you get. So it's possible that 0:18:29.480 --> 0:18:33.359 that an attacker could get into a system without a password, 0:18:33.840 --> 0:18:37.040 look at different parts of the network, UM, and and 0:18:37.080 --> 0:18:40.600 that that kind of thing. Okay, But Amazon reported this 0:18:40.800 --> 0:18:42.240 right when they were they were looking to make this 0:18:42.280 --> 0:18:46.280 acquisition developmental and they found this out, they went WHOA, 0:18:46.760 --> 0:18:50.160 and they contacted the Department of Defense right right, And 0:18:50.200 --> 0:18:54.680 our reporting suggests, uh, they contacted the authorities. We don't 0:18:55.040 --> 0:19:00.240 know exactly um who who it was in this UM, 0:19:00.400 --> 0:19:07.239 they did UM, so that this one out and the 0:19:07.240 --> 0:19:09.639 the government already had some intelligence to suggest that this 0:19:09.680 --> 0:19:11.720 had been going to happen, and at the point that 0:19:11.800 --> 0:19:16.000 they learned that there had been a citing, they began 0:19:16.080 --> 0:19:18.600 to investigate it more deeply, and we report on that 0:19:18.640 --> 0:19:20.639 all right, So just sort of to give a sense 0:19:20.680 --> 0:19:24.200 of what the implications here are, because this is actually massive, 0:19:24.520 --> 0:19:30.439 the idea that China systematically implanted chips in the hardware 0:19:30.480 --> 0:19:33.840 that ended up on computers from everywhere from the Pentagon 0:19:34.160 --> 0:19:37.560 to the biggest technology companies, where they could basically have 0:19:37.640 --> 0:19:42.080 a backdoor entrance to a lot of different computers has 0:19:42.680 --> 0:19:45.960 huge and vast ranging implications. I'm just wondering. I mean, 0:19:46.359 --> 0:19:48.800 from what you were getting a sense of when you 0:19:48.840 --> 0:19:51.720 were talking with people, was this the reason why we're 0:19:51.720 --> 0:19:54.359 having trade tensions with China? Is this the reason why 0:19:54.680 --> 0:19:57.679 you know that the US government has been increasingly tense 0:19:57.760 --> 0:19:59.960 with the nation. What's going on here? Well, our report 0:20:00.119 --> 0:20:03.159 shows that it's certainly something that's been of concern. We 0:20:03.320 --> 0:20:06.280 report that there was a there were meetings that took 0:20:06.280 --> 0:20:10.439 place in several years ago at the high level that 0:20:11.040 --> 0:20:14.399 in which it was technology companies were asked, can we 0:20:14.440 --> 0:20:19.240 find a solution to this? Um? And no, no evidence 0:20:19.320 --> 0:20:22.919 that we've found one has emerged yet. UM As to 0:20:23.000 --> 0:20:26.720 what's going on, you know, behind behind the scenes, Uh, 0:20:26.840 --> 0:20:28.919 we don't know the extent to which is a motivating factor, 0:20:28.960 --> 0:20:31.400 but we do report that it's a reason for their concern. 0:20:31.800 --> 0:20:33.960 All right, Jeremy Keene, thank you so much for being here. 0:20:34.119 --> 0:20:36.440 This is not going to be a one day thing 0:20:36.560 --> 0:20:39.960 because the implications here are pretty substantial. We don't know 0:20:40.000 --> 0:20:44.199 whether China necessarily used this backdoor exit I believe to 0:20:44.400 --> 0:20:47.640 access any information, but it does have pretty broad implications 0:20:47.720 --> 0:20:50.879 for UH, the supply chains that we have with China 0:20:50.920 --> 0:20:53.320 where they make a lot of this technological equipment, as 0:20:53.359 --> 0:20:57.080 well as the ongoing tensions with respect to trade. Jeremy Keane, 0:20:57.160 --> 0:20:59.320 thank you so much for being with us. Jeremy Keane 0:20:59.320 --> 0:21:02.720 is Bloomberg editor who was working on this story that 0:21:02.840 --> 0:21:07.040 was reported out over a year with interviews with hundreds 0:21:07.080 --> 0:21:09.440 are actually more than a hundred individuals and Lisa brom 0:21:09.440 --> 0:21:11.680 WIT's along with my co host Pim Fox, and this 0:21:11.800 --> 0:21:25.080 is Bloomberg Markets. We turn our attention now to g 0:21:25.480 --> 0:21:28.960 W Pharmaceuticals and I want to introduce the chief executive, 0:21:29.040 --> 0:21:32.720 Justin go Over, and g W Pharmaceuticals is set to 0:21:32.800 --> 0:21:37.400 launch it's cannabis drug after receiving a favorable drug classification 0:21:37.480 --> 0:21:42.080 review from the Drug Enforcement Agency. It has been previously 0:21:42.440 --> 0:21:46.320 approved by the US Food and Drug Administration. Justin go Over, 0:21:46.480 --> 0:21:49.439 thanks for being with us. Tell us about the the 0:21:49.520 --> 0:21:52.159 schedule for the launch of this cannabis drug and what 0:21:52.200 --> 0:21:55.359 it's designed to do. Well, thank you for having me 0:21:55.480 --> 0:21:58.200 on the show. So so, this drug is called Epidialects. 0:21:58.359 --> 0:22:03.440 It's been approved by FDA for two forms of childhood 0:22:03.440 --> 0:22:06.840 onset epilepsy, so these are patients with seizures that have 0:22:07.560 --> 0:22:11.320 proven very difficult to control with existing anti epileptic drugs. 0:22:12.359 --> 0:22:16.400 The drug is UH contains a molecule called cannaby dial 0:22:16.520 --> 0:22:19.359 or CBD, which is a part of the marijuana plant 0:22:19.359 --> 0:22:22.160 that does not make you high. And the product itself 0:22:22.200 --> 0:22:26.000 has been standardized and formulated to f d A standards 0:22:26.040 --> 0:22:28.760 to produce a medicine that can be prescribed by doctors, 0:22:29.040 --> 0:22:32.440 reimbursed by insurers, and so on. So that medicine was 0:22:32.480 --> 0:22:35.119 approved at the end of June m The d e 0:22:35.240 --> 0:22:39.000 A had three months after the end of June to 0:22:39.160 --> 0:22:43.720 put the product into a schedule. They did that about 0:22:43.720 --> 0:22:46.600 a week ago. Now, um, it's the lowest form of 0:22:46.640 --> 0:22:53.600 class restriction classification within the scheduling regulations, and the drug 0:22:53.640 --> 0:22:56.359 will be available on prescription in about a month or so. 0:22:56.880 --> 0:22:59.760 How does the price of the drug compare with other 0:23:00.400 --> 0:23:06.120 anti epileptic medications. We've priced this medication such that it's 0:23:06.200 --> 0:23:10.280 in line with the other branded anti epileptic drugs that 0:23:10.720 --> 0:23:16.399 these patients use. So um, the philosophy behind that is is, 0:23:16.920 --> 0:23:20.959 you know, we believe that obviously this isn't an innovation 0:23:21.000 --> 0:23:25.040 of first in class therapy providing relief where other drugs 0:23:25.040 --> 0:23:27.320 have failed. But with that, with all of that said, 0:23:27.480 --> 0:23:30.960 we we we've taken a pricing approach which is essentially 0:23:30.960 --> 0:23:34.320 to be in line with with the care that these 0:23:34.320 --> 0:23:39.520 patients now receive. Justin you're also working on other types 0:23:39.640 --> 0:23:42.119 of therapies, Can you give us a hint of your pipeline? 0:23:43.680 --> 0:23:48.680 Certainly well At GW Pharmaceuticals, the company were founded actually 0:23:48.720 --> 0:23:53.040 twenty years ago with the sole focus of looking at cannabinoids, 0:23:53.080 --> 0:23:59.360 cannabinoids and molecules in the cannabis plant as potential pharmaceutical products. 0:23:59.400 --> 0:24:02.240 So what I mean by that is not medical marijuana 0:24:02.280 --> 0:24:06.400 and not sort of unstandardized, unregulated oils, but actually science 0:24:06.440 --> 0:24:10.560 based solutions with formulations that have been manufactured appropriately and 0:24:10.640 --> 0:24:15.359 taken through the FDA process. So, in addition to epilepsy, 0:24:15.920 --> 0:24:19.160 our work so far suggests that cannabinoids have promise within 0:24:19.200 --> 0:24:24.480