VIEW 26
Supply chains and food chains
The Roman god Mercury is the god of financial gain and commerce, among other things. The word “merchant” comes from the shared Latin root “merx,” meaning merchandise. He was also the swiftest of the gods and so gave his name to the planet with the fastest (shortest) orbit and a metal also known as “quicksilver”: both are now named after Mercury.
Given the link with financial gain and capitalism, it may come as no surprise that mercury (the metal) is today a major industrial pollutant. Gold mining, cement production, coal power stations, iron smelting, and PVC production all emit mercury as a waste product, causing some 1,960 metric tons [15] to be dumped into the environment every year.
A lot of this mercury ends up in the oceans, and from there it moves into the food chain.

At the bottom of this chain are the algae that absorb it in the form of methyl mercury. Squid and smaller fish like pollock or herring eat the algae. Methyl mercury is not soluble and therefore not excreted, but gradually accumulates in the muscle tissue of these species. As bigger fish like tuna and sharks eat these little fish, the concentration of mercury increases tenfold in a process called biomagnification. All the mercury in the food chain ends up being funnelled towards the top predators. As a result, the US Food and Drug Administration now advises children and pregnant women not to eat swordfish, bigeye tuna, and shark because their high levels of mercury make them potentially toxic.
Mercury is only one example of toxicity in the food chain. Other heavy metals like lead, insecticides like DDT, PCBs, and dioxins have all moved up the food chain to create toxic effects in humans.
We can see an analogous phenomenon in cyber security, known as supply chain poisoning, the most famous instance of which was the SolarWinds hack in 2020.
SolarWinds is the software company behind a system management tool called Orion. This monitoring tool had privileged access to the IT systems of more than 30,000 organizations in the US, including local, state, and federal agencies. Russian state-sponsored hackers planted malicious code in one of SolarWinds’ routine software updates. When SolarWinds’ customers then installed this update, it created a back door through which the hackers could exfiltrate sensitive data.
Companies have a difficult enough task monitoring and securing their own internal systems as they grow in complexity. So, they often take it on faith that a third-party vendor’s software is safe to use. At the same time, commercial software vendors are increasingly using open-source code or other third-party components themselves in their products, thus extending the supply chain and reducing visibility. This means the threat of supply chain poisoning with malware is growing.
A single hamburger can contain meat from as many as 100 different cows [16] all mixed together. The E. coli infection scandals in the 1990s prompted restaurants to re-examine their supply chains. The SolarWinds hack prompted the same response in software supply chains.