Tuesday, March 27, 2012

National Security-Related Agencies Have No ITC Supply Chain Risks?

Last week, the GAO said that defense-related departments have a security problem because of software, hardware, and components sourced or manufactured overseas, especially in China. The departments in question don't track these items and maintain either that no threat exists or that the cost of monitoring exceeds the cost of the risk. This is disingenuous at best.

Now, today, the GAO reports that suspect counterfeit electronic parts can be found on DOD supply chain Internet purchasing platforms.

I recall Whitfield Diffie, addressing an RSA conference, stating that one of his greatest security fears is components calling home (to China). This type of threat has "movie" written all over it, but that doesn't make it any less real.

Australia has no such qualms, however. It's blocked Huawei from bidding on gear for its National Broadband Network. It seems that foreign governments, especially in Asia, are much more aware of these threats. At least the US Congress has blocked the sale of some US high-tech companies to Chinese enterprises controlled by the PLA.

There are other IT security lessons that Australia can teach us.