Cyber securityForeign made chips could be allowing hackers into U.S. networks

Published 11 July 2011

Foreign-made computer parts could be manufactured with flaws or viruses that make it easier for hackers to later infiltrate U.S. computer networks; last week before the House Oversight and Government Reform Committee, Greg Schaffer, DHS’s acting deputy undersecretary national protection and programs director, admitted that some foreign chips are being made with security vulnerabilities

Foreign-made computer parts could be manufactured with flaws or viruses that make it easier for hackers to later infiltrate U.S. computer networks.

Last week before the House Oversight and Government Reform Committee, Greg Schaffer, DHS’s acting deputy undersecretary national protection and programs director, admitted that some foreign chips are being made with security vulnerabilities.

 

I am aware of instances where that has happened,” Schaffer said.

Schaffer did not elaborate on which components, countries, or companies were manufacturing these contaminated electronics or whether they had resulted in specific cyberattacks.

His comments confirm the long-running suspicion that other countries or malicious actors have slipped contaminated components into the complex global supply chain that have eventually been used by the U.S. government and the private sector.

A contaminated device can act as a “Trojan horse” for foreign hackers that could jeopardize the entire network. These types of attacks are hard to detect and could allow malicious actors to steal mass quantities of information without being noticed.

Jim Lewis, a senior fellow at the Center for Strategic and International Studies, explained that the United States is not the only country at risk from these contaminated components as the global supply chain is vast, complex, and touches countries across the world.

The threat of a contaminated supply chain is a risk, but it’s a risk that everybody has, because it’s a global supply chain,” Lewis said.