select all

Talking With the Man Whose Techno-Thriller Is Based on a China Supply-Chain Hack

August Cole, one of the authors of Ghost Fleet: A Novel of the Next World War. Photo: Courtesy August Cole

In 2015, August Cole and Peter W. Singer published Ghost Fleet: A Novel of the Next World War, a techno-thriller about a war between China the U.S. that attempts to base everything on on real-world technology (the book has dozens of pages of footnotes). Ghost Fleet games out how China could potentially wage a successful war, given the American military’s overwhelming advantages. One of the ways China does that? Comprising the supply chain with a hardware hack that disables everything from GPS systems to F-35 jets. We got Cole on the phone after the Bloomberg’s story about a potential major supply-chain hack by the Chinese military in the hit the Web to get his read on the situation.

So to spoil the book a bit, China’s control of an electronics supply chain is major plot point in Ghost Fleet — it’s a way China disables most of the American military and a lot of the American infrastructure. Now something like it’s the cover story for Bloomberg. What’s it been like to see that come out?
We’ve been working to use fiction and narrative to help better understand the future of conflict. These kind of issues have been percolating through the defense world for a while. Getting people to actually see them as a threat or not an abstract problem that can be pushed down the road is really difficult. What we’d hoped to do with Ghost Fleet was talk about the larger rise of China, how we felt like it was being misunderstood and underappreciated for its strategic importance. We’ve tried to engage with people in the tech sector, in the military, in academia, in other corners of the world where folks are really interested in how technology is going to influence the future of conflict by using the book as a touchstone. We’re clear that the book is a work of fiction. It’s not predictions.

But we do see a lot of the elements of Ghost Fleet taking shape around us because we based the book in the world we’re in and the world that we saw coming. All the technology in Ghost Fleet is either real or in development and all these trends and dynamics were sourced. That’s why the book has hundreds of footnotes. So, seeing something like this is a moment of abject horror, because the reality of what you’ve imagined is taking shape on a scale perhaps even as big as what you might’ve created in the fictional universe. At the same time, I have to hope that this can galvanize the next steps to figuring out what to do about it.

When you were gathering string for this book in 2012 and 2013, what were you seeing that made you and your co-author worried about the supply chain and its vulnerabilities there?
The rules for Ghost Fleet was anything in it had to be real or in development, so we scoured everything from technology journals to mainstream media to talking with experts in various hackers to really figure out how we could go about undercutting U.S. military’s extreme advantage when it comes to modern warfare.

So much of the book is predicated on understanding from an adversary’s point of view what would you do it if you wanted to render the U.S. military unable to fight. You could break trust in technology like GPS or communications by creating back doors, through hardware hacking in an aircraft or other systems on ship. It’s not often done that there is this really imaginative red-teaming. It’s a lot easier to talk about the bad stuff that might happen if you can package it in a way that has sort of a fictional wrapper.

Have you had a chance to read the Bloomberg story?
I have, yeah.

Reading it, how much were you nodding along, saying this seems to track with what we were hearing when we were talking with experts? How did it read to you?
The Bloomberg story describes a hack in scale and scope would fit into the Ghost Fleet universe. What I actually took away from reading the story was a lot of these programs with the PLA in the Bloomberg story were reportedly running when we were working on Ghost Fleet. Immediately, I’m thinking, “What operations are being executed now that we don’t know about, that are either along the same lines or more imaginative and perhaps even more dangerous to the American military’s ability to conduct operations?”

What’s your read on both Apple and Amazon making incredibly strong denials that any of this hardware was used on them, or that they approached the FBI or any other agency about the sort of malignant hardware attack?
I don’t have any specific read on the details in the story as it relates to Amazon or Apple. From my past experience as a reporter, investigating the defense-industrial base and reporting on things like hacking, it’s really difficult to get people to talk about publicly until there’s an alignment around a new reality or understanding of the vulnerability like this. So, I would probably say it’s too early to really see how the companies will respond because the story has just broken. But I’m very curious to try to look at the larger conversation in the industry and as well as how those two companies confront this.

Apple and Amazon are what people are talking about, but there were 30 other companies that were potentially affected by this hack, even though from what was reported, nothing was ever compromised — just the potential was there.
It’s also worth thinking about that this is a facet of a larger problem that the defense community has been trying to get its hands around for a while: How do we trust the technology that we’re sourcing globally? It’s very difficult to be innovative in the 21st century if you’re not buying globally, if you’re not sourcing global talent, whether it’s for software programmers or acquiring new components. This is one of the really big paradoxes I think that we face. How do you ensure you can create levels of trust in the very systems that are literally life and death in times of conflict? DARPA has been working on some of these efforts, but I think this is certainly going to force a lot of that to a head again. Simultaneously, in the commercial sector where information assurance is also critical for a company, and for our own private lives. This is a really really important conversation to be having: understanding how much trust can we actually have in the technology that we count on. The answer may be we actually can’t trust a lot of the systems that we use as much as we want to. And then what?

Last question: have you seen sales of Ghost Fleet kick up?
Oh, that’s a good question. I haven’t seen yet. I don’t know how the sales have done in response to the report, but my hope though is that at least more people — whether they read the book or not — are going to be talking about this in some greater awareness and a better sense of urgency about tackling this kind of problem, which seems almost unimaginably huge in its scale.

This Techno-Thriller Is Based on a China Supply-Chain Hack