Skip Navigation

Close and don't show again.

Your browser is out of date.

You may not get the full experience here on National Journal.

Please upgrade your browser to any of the following supported browsers:

The Supply-Chain Risk Might Be (Mostly) a Myth The Supply-Chain Risk Might Be (Mostly) a Myth

This ad will end in seconds
 
Close X

Not a member? Learn More »

Forget Your Password?

Don't have an account? Register »

Reveal Navigation
 

 

Tech

The Supply-Chain Risk Might Be (Mostly) a Myth

Foreign network equipment can sometimes let hackers through. But those are largely crimes of opportunity, not premeditated attacks.

(nrkbeta/flickr)

photo of Brian Fung
May 24, 2013

Last fall, the House Intelligence Committee issued a scathing report on two companies looking to invest in the United States. Huawei and ZTE, both Chinese telecommunications firms, wanted entry. But committee chairman Rep. Mike Rogers (R-Mich.) was suspicious. He, along with the rest of his colleagues on the panel, worried that the companies’ networking equipment could be installed in U.S. facilities to enable foreign spying.

That type of exploit, known as a supply-chain attack, is the subject of a new Government Accountability Office report out this week. And what it finds is that while the risk is there, it may not be quite as large as we’ve been led to believe:

Officials from the companies and industry groups that we spoke with said that they consider the level of risk to be affected not by where equipment and components are made, but how they are made, particularly the security procedures implemented by manufacturers. Many of these officials also said they were not aware of any intentional attacks originating in the supply chain, and some said that they consider the risk of this type of attack to be low. Officials from four industry groups and one research institution we spoke with told us that supply chain attacks are harder to carry out and require more resources than other modes of attacks such as malicious software uploaded to equipment through the Internet, and, therefore, are the less likely vehicle to be used by potential attackers.

 

It’s rare to see equipment that contains built-in backdoors, said network operators. Instead, most vulnerabilities are generally the result of unintentional software bugs—accidents. 

Among those GAO interviewed were representatives from major telcos like AT&T and Verizon, as well as trade groups such as CTIA—The Wireless Association. Also included were U.S. and international equipment-makers Cisco, Intel and, yes, Huawei and ZTE. It’s still possible these officials have underestimated or downplayed the threat. But even as GAO was gathering information from the companies, it was also analyzing proposals to further insulate U.S. networks from external intrusions.

One idea on the table is to grant broader authority to the federal committee charged with approving international mergers. The Committee on Foreign Investment in the United States, or CFIUS, made headlines last year when it suggested President Obama should block a Chinese-owned company’s attempt to buy up a handful of Oregon wind farms.

Under the proposed expansion, CFIUS would have the ability to examine businesses’ procurement deals in addition to investment decisions. The House Intelligence Committee said in its October report on Huawei that any bills to that effect should be given a chance in Congress.

LIKE THIS STORY? Sign up for Tech Edge

Sign up for our daily newsletter and stay on top of tech coverage.

Sign up form for Tech Edge
Job Board
Search Jobs
Digital and Content Manager, E4C
American Society of Civil Engineers | New York, NY
PRODUCT REVIEW ENGINEER
American Society of Civil Engineers | CA
Neighborhood Traffic Safety Services Intern
American Society of Civil Engineers | Bellevue, WA
United Technologies Research Fellow
American Society of Civil Engineers | New York, NY
Process Engineering Co-op
American Society of Civil Engineers | Conshohocken, PA
Electrical Engineer Co-op
American Society of Civil Engineers | Findlay, OH
Application Engineer/Developer INTERN - Complex Fluids
American Society of Civil Engineers | Brisbane, CA
Application Engineer - Internships CAE/CFD Metro Detroit
American Society of Civil Engineers | Livonia, MI
Chief Geoscientist
American Society of Civil Engineers
Application Engineer - Internships CAE/CFD Metro Boston
American Society of Civil Engineers | Burlington, MA
Professional Development Program Engineer
American Society of Civil Engineers | Farmington Hills, MI
Civil Enginering Intern - Water/Wastewater/Site-Development
American Society of Civil Engineers | Sacramento, CA
Staff Accountant
American Society of Civil Engineers | Englewood, CO
Biomedical Service Internship Position
American Society of Civil Engineers | Flint, MI
 
Comments
comments powered by Disqus