The US imposing a ban on connected car technologies linked to China and Israel mounting a supply chain attack in Lebanon over the past year have led to a shift in how global supply chains are conceptualised and operationalised — from just-in-time (efficiency) and just-in-case (resiliency) to just-to-be-secure (security). How can a globally interlinked developing country like India address supply chain security risks without jeopardising the country's economic growth?
From a geopolitical point of view, there are three primary supply chain security risks for India: espionage, undermining of cognitive autonomy, and sabotage. We argue that a nuanced risk-based framework can address supply chain security concerns without necessarily damaging the economy. Knee-jerk extreme approaches such as fully localised supply chains or unencumbered supply chains may benefit either security or the economy but not both at the same time.
Framing India’s response
As far as espionage is considered, all devices connected to and transacting in cyberspace can be potentially used for espionage. While Chinese electronics may be theoretically more vulnerable (by having backdoors), ensuring that electronics supply chains do not contain Chinese components is not going to necessarily address the espionage concern. Vulnerabilities in devices such as smartphones and connected car tech can still be exploited by a determined malicious actor (Chinese or otherwise). In any case, addressing supply chain security risks for all consumer electronics may be a mammoth task with low returns. It would be beneficial if greater efforts are directed towards making consumers aware of cybersecurity practices to take care of concerns at the software end, and to employ ‘trust but verify’ for concerns at the hardware end.
As Goswami, Panicker and Das (2025) suggest in their recent Takshashila study on electronic hardware supply chain security, trust but verify strategy could involve ‘ex-ante checks’ which ‘are implemented before technology integration’. Further, ‘due diligence, including detailed supply chain mapping, technological vulnerability assessments, and rigorous certification processes’ could strengthen this strategy. We suggest the addition of random and/or periodic audits and inspections to the trust but verify approach.
To safeguard cognitive autonomy, squeeze China’s role in social media
For India, cognitive autonomy is perhaps as important (if not more) as securing the supply chains for the most critical sectors. Ensuring cognitive autonomy would demand strict restrictions on the involvement of China in social media platforms.
To address the risks of sabotage that affects India’s critical sectors such as telecom, power and space, Chinese components can be banned altogether and a strategy of zero trust can be applied for the rest of the suppliers. This would mean employing learnings from the National Security Directive on Telecommunication Sector in force from 2021 that requires Indian telecom players to only source from original equipment manufacturers that meet the government's trusted source criteria. Such a criteria could be developed for each sector. This model is currently being considered for India’s power sector as well.
The risk-based framework may not be neatly applicable to the most sensitive sectors such as defence and intelligence. Because in these sectors espionage is a more serious issue than it is for other non-sensitive sectors. For the sensitive sectors, zero trust strategy with strongest checks during procurement and monitoring for the entire product/service lifecycle may be required.
Employment of trust but verify for addressing espionage concerns in sectors such as consumer electronics and zero trust for addressing sabotage concerns in sectors such telecom and power could contribute to making global supply chains more secure. But the extent of this contribution would hinge on India’s presence in global supply chains for these sectors.
The implementation of a nuanced risk-based framework for addressing supply chain security would require a unified whole-of-government approach. To put this framework into motion, we reiterate the recommendation by Goswami, Panicker and Das (2025) of establishing a Supply Chain Technical Office under the National Cyber Security Coordinator.
Country agnosticism
At this point it is important to clarify that while China remains the primary geopolitical threat-actor for India, solutions aimed at addressing supply chain security concerns should not just focus on exports out of China but the entirety of India’s supply chain.
This is because vulnerabilities in India’s supply chains can be exploited by friends (Israel, the US for example) and foes (China and Pakistan, for example) alike. Even when supply chains for certain tech products have no Chinese element, Beijing can still mount a supply chain attack if it discovers an existing vulnerability or is able to infiltrate and plant one.
Therefore, instead of China-focused ‘just in case’ resilient supply chains involving friends or near-or back-shoring is not the solution, India should adopt a country-agnostic risk-based framework. As an asymmetric response, India could also contribute to supply chain security nationally as well as globally by supporting the development and adoption of open technologies, including open hardware, standards, protocols and software.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
