Remember when we used to joke about not knowing what goes into our hot dogs? Well, it turns out we’re equally clueless about what goes into our electronics. Recent revelations about US companies being in the dark about their chip sources have got me thinking about the broader implications for our digital security.

The situation is both amusing and terrifying. Here we are, living in an age where we’re increasingly dependent on technology, yet half of US companies don’t even know where their chips come from. That’s like driving a car without knowing if the brakes were installed by a certified mechanic or your neighbour’s teenager.

Reading about the US government’s recent approval of $3 billion to remove Chinese telecoms equipment brought back memories of conversations I had with colleagues years ago. Back in 2015, while working on a government contract, we were already discussing the potential risks of foreign-made networking equipment. Many dismissed these concerns as paranoid, but here we are.

The cybersecurity landscape has shifted dramatically over the past decade. Working in IT, I’ve watched the gradual evolution from “buy whatever’s cheapest” to implementing zero-trust architectures and carefully vetting hardware suppliers. It’s fascinating how what was once considered conspiracy theory territory has become mainstream security policy.