Digital Conflict

By Kevin Coleman


Counterfeit hardware poses security risk

A few weeks ago at a cyberwarfare training program, I was asked what single action would have the biggest impact in securing our critical military and intelligence systems. That is a very interesting question that has been on my mind ever since. The answer came on a conference call that took place late last week. On that call the question of supply chain security came up, specifically asking what percentage of components used in a critical piece of security hardware were foreign-sourced. For background data, only about 20 percent of all computer chips are made in the United States. The vendor danced around the question and then a sales representative said, “No one has ever asked this question before, so we should move on.”

That is a dangerous attitude given that counterfeit computer hardware is viewed as a significant problem by private corporations and the military. Two years ago there was a White House report that noted that there had been several “unambiguous, deliberate subversions” of computer hardware.

As I experienced on the conference call, vendors routinely try to side-step this critical security issue. In order to guard against processor-level cyberattacks or potential product compromise, vendors should be required to disclose, in a classified setting, all known or suspected vulnerabilities in the devices proposed for use in sensitive security applications or systems. This should be done during the request for proposal process—a proper assessment of the cyber security risks must be part of the offer evaluation. And while you are at it, ask the vendor if they are selling products to China and complying with the rule China enacted this past spring that requires detailed disclosure of the inner workings of 21 different categories of security products.

Posted by Kevin Coleman on Dec 16, 2010 at 12:12 PM

