Testifying before the House Oversight and Government Reform Committee, acting deputy secretary of the DHS National Protection and Programs Directorate Greg Schaffer admitted on the record the that DHS is aware of instances were electronics imported into the United States have been pre-loaded with malware, spyware, and other cyber-security threats, and that both the DHS and the White House have been aware of the threat for some time.
When repeatedly asked a "softball" question by Utah representative Jason Chaffetz ® whether he was aware of instances where foreign-manufacturers software or hardware components had been intentionally embedded with security risks, Schaffer hesitatingly stated "I am aware of instances where that has happened."
Schaffer did not offer any details on the nature of the compromised technology, but did emphasize that many American-made systems use components from foreign manufacturers. The implication is that foreign agencies or interests are using international suppliers to get compromised software and equipment into the supply chain, potentially laying the groundwork for cyberattacks against U.S. infrastructure systems or even everyday consumers. The attacks could take the form of security holes that provide access to sensitive and/or classified information, or could potentially provide a foreign power the ability to cripple portions of the U.S. infrastructure, causing significant economic damage to the country.
Edited by Union_Thug, 11 July 2011 - 09:44 PM.