Week of Sunday, March 29, 2026

The Center for Strategic and International Studies tracked vessel movements through the strait using satellite and AIS data (the automatic identification system that all commercial ships broadcast for tracking and collision avoidance). Before the war, 153 ships transited daily. By March 2, that number fell to 13. Chinese and Hong Kong-flagged vessels dropped from 49 transits in the last week of February to two in the first two weeks of March. Fifty-five Chinese ships remain trapped inside the Persian Gulf. On March 27, Iran turned back two Chinese container vessels near Larak Island. Ships across the region began broadcasting "Chinese owner" and "Chinese crew" on their transponders, a kind of diplomatic bulletproofing that worked for some and not others. Iran announced five nations would receive safe passage: China, Russia, India, Iraq, and Pakistan. In practice, enforcement has been inconsistent. Lloyd's List tracked 26 ships using what it called Iran's "de facto toll booth" since March 13, with passage fees estimated at $2 million per transit. At least two of those payments were made in Chinese yuan. Iran's parliament is working to formalize the process. Deutsche Bank called it "the making of the petroyuan."

China's advantage isn't passage. It's preparation. Beijing spent the last decade building an energy architecture that doesn't depend on a single chokepoint. Russian crude flows through the Eastern Siberia-Pacific Ocean pipeline. Central Asian gas arrives through pipelines from Turkmenistan, Uzbekistan, and Kazakhstan. Russian pipeline gas exports to China rose 25% to 38.8 billion cubic meters in 2025, surpassing what Russia sends to Europe for the first time. A Myanmar pipeline connects the Indian Ocean coast directly to Yunnan province, bypassing the strait entirely. Chinese oil imports surged 16% in January and February 2026. Combined strategic and commercial stockpiles now sit at roughly 1.2 billion barrels, approximately 100 days of imports. India has 9.5 days.

China was also, until four weeks ago, the fuel supplier for half of Southeast Asia. The Philippines got roughly half its jet fuel from China. Bangladesh, roughly half. Australia, a third. On March 5, Beijing's National Development and Reform Commission ordered all refiners and traders to halt exports of diesel, gasoline, and jet fuel until at least the end of March. The Philippines declared a national energy emergency on March 24. Gasoline breached 100 pesos per liter for the first time in the country's history. Bangladesh is days from running dry. Vietnam has less than 20 days of oil reserves. Vietnam Airlines scaled back Pacific routes.

On March 18, China made the leverage play explicit. The Taiwan Affairs Office announced: "We are willing to provide Taiwan compatriots with stable and reliable energy and resource security, so that they may live better lives." The offer was tied to reunification talks under the "one country, two systems" framework. Taiwan rejected it. President Lai Ching-te said energy supplies were secured through April and announced $44.4 billion in US energy purchases through 2030. But Taiwan imports 96% of its energy by sea. The offer was not charity. It was a demonstration of what China controls and what it can withhold.

The infrastructure for selective supply already exists. China Petroleum & Chemical Corporation, the state-owned company known as Sinopec and the world's largest oil refiner by capacity, has a $3.7 billion refinery deal and 150 fuel stations in Sri Lanka. Chinese firms hold a 90% stake in Laos's power transmission grid under a 25-year concession. A Chinese company is building Cambodia's first oil refinery at $3.5 billion. Belt and Road energy investments hit a record $93.9 billion in 2025, with fossil fuels accounting for 74%.

Chinese grid management carries a second risk beyond dependency. In 2023, the Cybersecurity and Infrastructure Security Agency warned that Volt Typhoon, a Chinese state-sponsored group, had pre-positioned access inside US critical infrastructure including energy systems. Countries accepting Chinese-built grid infrastructure under financial duress are unlikely to conduct the security assessments that took the US intelligence community years to complete on its own systems. Laos didn't just outsource its power grid. It outsourced the attack surface that comes with it.

The countries that depended on Chinese fuel before the crisis are breaking under its absence. Sri Lanka declared every Wednesday a public holiday on March 16. Six weeks of fuel reserves. Fuel prices up 33% since the war began. Pakistan closed schools across three provinces and put half its civil servants on work-from-home. Its wheat harvest begins in April, and fuel-dependent agricultural costs will drive food inflation into households that have almost no capacity left to absorb it. Egypt hiked petrol, diesel, and cooking gas prices 15-22% and ordered malls and shops to close by 9 PM on weekdays. Nigeria recorded a 39.5% fuel price increase between February 23 and March 16.

Brent crude, the international benchmark oil price, closed at $112.57 on March 28. The Dallas Federal Reserve projects the disruption will cut global GDP growth by 2.9 percentage points in the second quarter. The International Energy Agency coordinated the largest strategic petroleum reserve release in history, 400 million barrels led by 172 million from the United States, but delivery takes 120 days. The demand destruction economists predicted at $120 oil is already happening. Just not in the countries that can afford it.

That same day, the president signed an executive order imposing a 10% tariff on all imports under a different legal authority. It took effect four days later. The old tariffs died. New ones replaced them before the ink was dry.

The refund process created its own problem. More than 2,000 companies have filed claims. But plaintiffs' firms are now filing consumer class actions in Georgia, Florida, and New York, arguing that companies passed tariff costs to consumers through higher prices and owe that money back. If your company raised prices, blamed tariffs publicly, and is now seeking a government refund, you face claims from both sides.

That confusion is a gift to the fraud operators described later in this brief. Thousands of companies are now expecting large government refunds through unfamiliar processes. Plaintiffs' firms are sending settlement communications to companies they've never contacted before. New banking relationships are being established to process claims. Every one of those is a pretext a business email compromise operator can replicate. The tariff refund process has created exactly the kind of urgent, high-dollar, unfamiliar transaction flow that BEC campaigns are built to exploit.

Then the second hit. On March 11, the United States Trade Representative launched Section 301 investigations against 16 economies: China, the EU, Japan, India, Mexico, Korea, Taiwan, Vietnam, Thailand, Indonesia, Malaysia, Cambodia, Bangladesh, Singapore, Switzerland, and Norway. The investigations target overcapacity in 21 manufacturing sectors including semiconductors, batteries, steel, chemicals, and robotics. Section 301 is the same legal authority behind the original China tariffs in 2018. It survived the Supreme Court ruling because it operates under a different statute.

That list of 16 countries is the problem. Companies that spent the last eight years rerouting supply chains away from China moved production to Vietnam, Thailand, Mexico, and India. Every one of those alternatives is now under investigation. The workarounds may be about to get their own tariffs.

In the 2025-2026 auction, capacity prices jumped from $28.92 per megawatt-day to $269.92. An 833% increase. Data centers drove 63% of that price increase, according to the Institute for Energy Economics and Financial Analysis. The cost passed through to residential bills: $9.3 billion spread across PJM's service territory. Baltimore residents saw bills jump roughly $17 per month. Residents across Virginia reported winter electricity bills doubling or tripling.

The rate disparity tells the rest of the story. Residential electricity prices rose 25% between 2020 and 2024. Over the same period, large consumers, data centers included, negotiated bulk contracts at rates unavailable to households locked into monopoly utilities. Between 2022 and 2024 alone, commercial rates rose just 3% while industrial rates actually fell 2%. Near data center concentrations, wholesale electricity costs increased up to 267% over five years.

On March 4, seven companies signed the White House Ratepayer Protection Pledge: Amazon, Google, Meta, Microsoft, OpenAI, Oracle, and xAI. They committed to "build, bring, or buy" all energy needed for their data centers and pay for infrastructure upgrades. The pledge has no enforcement mechanism. Electricity is regulated at the state level, not the federal level. And building your own power plant does not get you off the grid. Transmission and distribution infrastructure is shared. When a data center builds a dedicated gas plant or restarts a nuclear reactor, the grid upgrades required to connect it are socialized across every ratepayer in the territory.

The demand is outpacing the infrastructure built to support it. A 2024 Government Accountability Office report found that the US electric grid's distribution systems are increasingly vulnerable to cyberattack and that most utilities lack the resources to address the threat. Higher capacity prices fund generation, not security. Meanwhile, the buildout is concentrating more compute, more data, and more AI models in facilities going up faster than security architectures can mature. Data centers are high-value targets sitting on grid infrastructure that wasn't designed for what's being asked of it.

States that spent years offering tax incentives to attract data centers are reversing course. Illinois Governor Pritzker announced a two-year suspension of data center tax incentives, effective July 1. Virginia is considering ending a tax break that costs the state $1.6 billion per year. More than 300 data center bills have been filed across 30 states in early 2026. The political ground shifted from "attract" to "regulate" in a single budget cycle.

Criminal syndicates across Southeast Asia, Africa, and Latin America run fraud compounds housing hundreds of thousands of people trafficked from nearly 80 nationalities. Passports confiscated. Fourteen-hour days running pig butchering schemes (long-con investment fraud where victims are groomed over weeks), romance scams, and business email compromise campaigns. The UN Office of the High Commissioner for Human Rights estimates more than 220,000 people are held in scam compounds across Myanmar and Cambodia. INTERPOL found that AI-enhanced fraud is now 4.5 times more profitable than traditional methods.

The fraud that reaches your company is the last step in that pipeline. The Federal Bureau of Investigation's Internet Crime Complaint Center reported $2.8 billion in business email compromise losses in 2024 from 21,442 complaints. BEC accounted for 73% of all reported cyber incidents involving fraudulent wire transfers, up from 44% in 2023. The average loss is roughly $130,000, but single incidents regularly reach millions. Arup, the UK engineering firm, lost $25.6 million after an employee was deceived by a deepfake video call impersonating the CFO and other executives. Orion SA disclosed a $60 million BEC loss in a Securities and Exchange Commission filing.

When it happens to your company, the clock starts. You have 72 hours to contact the FBI's Recovery Asset Team and your bank to attempt a wire recall. The FBI's team froze $538 million across 3,008 incidents in 2023, a 71% success rate when they're contacted in time. After that window closes, or if the funds move internationally or convert to cryptocurrency, recovery drops to near zero.

Then the cascade. Your cyber insurance policy may not cover it. Social engineering fraud is frequently excluded or sublimited in standard policies. Typical sublimits run $100,000 to $500,000, well below the average loss. If you're a public company, a material loss triggers an 8-K disclosure to the SEC within four business days. If the scam impersonated a vendor, you may need to notify that vendor, and now they're questioning every invoice you've ever sent. Most incident response plans were built for data breaches, not for the moment your CFO authorizes a wire to a trafficking compound in Myanmar.

That level of concentration is the norm, not the exception. Forty percent of generic drug markets in the United States have only a single manufacturer supplying the entire market. China is the sole supplier of at least one key starting material for 37% of all active pharmaceutical ingredients. For generic antibiotics, US dependence on Chinese-sourced ingredients runs to 90%. Heparin, the most widely used blood thinner in hospitals worldwide, relies on China for nearly 80% of global crude supply. In 2008, contaminated heparin from China killed 81 Americans.

India fills roughly 47% of generic prescriptions in US pharmacies. But India imports 70% of its own pharmaceutical ingredients from China, and up to 90% for critical antibiotics like penicillin and cephalosporins. When you trace the full supply chain, China's effective control over the US generic drug supply is closer to 80%.

The Hormuz crisis is compressing these vulnerabilities in real time. India depends on the strait for a significant share of its crude oil imports. Petrochemical feedstocks derived from that crude are building blocks for pharmaceutical solvents and intermediates. Chemical inputs from China are commonly consolidated through Dubai logistics hubs before reaching Indian drugmakers. Those hubs are disrupted. Air cargo rates from India surged 250-300% on some routes. Industry analysts warn drug prices could rise 10-20% from the end of March as buffer stocks deplete. Manufacturers typically hold about three months of inventory. For high-volume generics like antibiotics, diabetes medications, and statins, shortages could begin within weeks.

The Food and Drug Administration currently lists 195 active drug shortages. The American College of Physicians declared drug shortages a public health crisis in August 2025. Congress passed the BIOSECURE Act in December 2025, limiting federal contracts with designated Chinese biotechnology companies, but the five-year unwinding period means the structural dependency will persist through at least 2030.