A Department of Homeland Security (DHS) mucky-muck has 'fessed up about computer and networking gear being preloaded with malware, and other security nasties by foreigners. When asked about the rumors, Greg Schaffer, Acting Deputy Undersecretary of the DHS's National Protection and Programs Directorate, paused and admitted both DHS and White House have known about the problem for a while. In IT Blogwatch, bloggers wonder if the sky is falling.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Error'd: High-level Usage...
Neal Ungerleider reports:
...[I]n testimony before the House Oversight and Government Reform Committee...Greg Schaffer [said] Homeland Security and the White House have been aware of the threat for quite some time. .. This supply chain security issue essentially means that...technology being marketed in the United States was either compromised or purposely designed to enable cyberattacks.
...[I]t is not hard to imagine computers, portable devices, and components...being purposely infected with malware, spyware, or other forms of security-compromising software by...foreign companies or...governments. ...
......[S]trategic security compromises have been found in counterfeit and gray-market electronic products. ... [T]he executive branch is actively studying the risk of nation-states purposely installing...attack tools in software and hardware...marketed in the U.S.
Paul Suarez adds:
Schaffer admitted he is aware of instances when foreign-made technology was built with embedded security risks. ... He also pointed out that overseas components are found in many domestically manufactured electronics.
......[I]t's possible mainstream products could be infected. ...DHS declined to specify what kind of technology it found with embedded malware.
But how's it come to this, Steven Hodson?
The American supply chain...has changed drastically during our technological revolution ... [using] sub-contracts half a world away...by people who have no allegiance to the US.
...This really should come as no surprise. ... In our desire to have the newest and best at the cheapest possible price we have given up any control of...our cool gadgets and this is a perfect opening for all kinds of misuse.
Meanwhile, cayenne8 sees a business opportunity:
Seems like...setting up an expensive chip fabrication plant, all in the US, would be a profitable business venture. Market it to the US federal govt...certified not to have foreign malware. ... [They] would easily pay a premium...for a nice profit.It would go down good with politicos too...creating new US jobs.
And hairyfeet is slightly sarcastic:
[S]urprise surprise...you send all the manufacturing overseas to a country that has been artificially lowering the value of its currency...and then you're shocked they may be doing other not nice things? ... Can we get a duh? ... The very same country that was paying dirt farmers in Kosovo to dig up our crashed F117 so they could steal the tech? ... [W]hat makes you think they'd do anything naughty?...Why do you think they are so big? Its because they...steal every idea that ain't nailed down. ... [W]hat better way to steal ideas that put a bunch of backdoors...on the products that we are hooked on like crack?
Error'd: High-level Usage
Don't miss out on IT Blogwatch:
- Follow @richi, your humble blogwatcher, on Twitter
- Subscribe to the Computerworld Blogs newsletter
- Catch up with posts from the previous few days
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: email@example.com. You can also read Richi's full profile and disclosure of his industry affiliations.