Research Reveals Hidden Cyber Risks in Global Supply Chains

Two-thirds of the U.S. supply chain depends on companies with at least expected ties to Chinese state-linked entities, raising concerns about potential espionage, data security, and systemic risk.


Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the U.S. digital supply chain. In fact, findings from a Bitsight report highlight how deeply interconnected businesses are, mapping over 61 million digital supply chain relationships.

“Over the past year, we’ve seen several highly-visible security incidents that highlight how incidents in the digital supply chain can have a massive ripple effect across the global economy,” says Ben Edwards, principal research scientist at Bitsight. “Even the most security-conscious companies are vulnerable to weaknesses in their supply chain. Organizations must continuously evaluate their third-party vendors and suppliers and work proactively to close security gaps.”

 

Key takeaways:

  • One-third of the U.S. supply chain relies on software or services from companies formally designated by the Department of Defense as “Chinese Military Companies.”
  • Two-thirds of the U.S. supply chain depends on companies with at least expected ties to Chinese state-linked entities, raising concerns about potential espionage, data security, and systemic risk.
  • ByteDance Group (TikTok’s parent company) alone is connected to 35.4% of the U.S. market, demonstrating how even high-profile companies facing potential bans remain widely used.
  • While “big tech” companies dominate supply chain security discussions, smaller specialized software providers can also pose significant risk to sectors and industries. Bitsight research identifies “Hidden Pillars,” the lesser-known technology companies that serve large portions—or even the majority—of specific industries.
  • Some niche providers serve only a handful of companies yet support massive market share in industries like energy, finance, and logistics.
  • Some of the most critical software and infrastructure providers operate with fewer than 50 employees, yet their technology is embedded in Fortune 500 companies and global enterprises.
  • Aerospace, utilities, and financial services rely heavily on just a few specialized providers. A security failure at one of these companies could trigger cascading effects within and across industries.
  • Providers use 2.5 times more products and have 10 times more internet-facing assets than consumers, making them more exposed to cyber threats.
  • Providers depend on multiple sub-providers, which increases their risk exposure and can make those risks more complicated to address.
  • While providers outperform consumers in four of six security standards, including DMARC, SPF, DKIM, and DNSSEC, they lag behind in areas such as patch management, open ports, insecure systems, and botnet infections.