Digital Conflict

By Kevin Coleman

Blog archive

Counterfeit hardware poses security risk

A few weeks ago at a cyberwarfare training program, I was asked what single action would have the biggest impact in securing our critical military and intelligence systems? That is a very interesting question that has been on my mind ever since. The answer came on a conference call that took place late last week. On that call the question of supply chain security came up, specifically asking what percentage of components used in a critical piece of security hardware were foreign sourced. For background data, only about 20 percent of all computer chips are made in the United States. The vendor danced around the quest and then a sales representative said, “No one has ever asked this question before, so we should move on.”

That is a dangerous attitude given that counterfeit computer hardware is viewed as a significant problem by private corporations and the military. Two years ago there was a White House report that noted that there had been several “unambiguous, deliberate subversions” of computer hardware.

As I experienced on the conference call, vendors routinely try to side-step this critical security issue. In order to guard against processor level cyberattacks or potential product compromise, vendors should be required to disclose, in a classified setting, all known or suspected vulnerabilities in the devices proposed for use in sensitive security applications or systems. This should be done during the request for proposal process—a proper assessment of the cyber security risks must be part of the offer evaluation. And while you are at it, ask the vendor is they are selling products to China and complying with the rule China enacted this past spring that requires detailed disclosure of the inner-workings of 21 different categories of security products.

Posted by Kevin Coleman on Dec 16, 2010 at 12:12 PM


Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.