Is Our Back Door Open?

Gee, I wonder which computer component manufacturing country might be responsible for this? Hmmm, let me think.

(you might want to skip to 51:47)

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the the Department of Homeland Security said.

“I am aware of instances where that has happened,” said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer’s comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a “Trojan horse” in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

See also:
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
Tomorrow’s cyberwarfare may be carried out by pre-infected electronics: DHS
Malware Comes with Many Gadgets, Homeland Security Admits
Supply chain security – DHS finds imported software and hardware contain attack tools
U.S. official says pre-infected computer tech entering country
Homeland Security Admits Hidden Malware in Foreign-Made Devices
Homeland Security Finds Your Electronic Device Poses Risks?
Threat of destructive coding on foreign-manufactured technology is real
Homeland Security Official: Some Foreign-Made Electronics Compromise Cybersecurity
White House’s Cyberspace Policy Review (PDF)

So, Mr. Schaffer “did not say where specifically these components are coming from.” Well, here, let me help, it’s obviously China. There, how hard was that? The next question is, what are we doing about it?

Our national power grid, electronics infrastructure, you name it, very few of the critical components are manufactured in the U.S. anymore and if there exists a series of back doors, enabling a hostile country, like China, to preemptively take it all down at once, we’re in serious, catastrophic trouble territory, so far up the proverbial [expletive deleted] creek without a paddle we’re no longer visible. And we’d be down for the count too, because we don’t have the U.S. manufacturing capability to pick ourselves up off the canvas

/the end game scenario this revelation portends would make Pearl Harbor look like a sorority pillow fight

Advertisements

Aid And Comfort To The Enemy

Let’s see, China launches cyberattacks and conducts internet espionage against the United States 24/7/365 and our U.S. Department of Homeland Security is warning China about their vulnerabilities? WTF?

China’s Infrastructure Vulnerable to Cyber Attack

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

See also:
SCADA Vulnerabilities Patched in Two Industrial Control Software from China
Chinese Weapon Systems Vulnerable To SCADA Hack
US warns China software risk to public infrastructure
US Warns of Problems in Chinese SCADA Software
Software bugs discovered in Chinese-made applications
China’s weapons systems have exploitable software bugs
Department Of Homeland Security Cites China Vulnerability
Exclusive: China software bug makes infrastructure vulnerable
US reveals Stuxnet-style vuln in Chinese SCADA ‘ware
Critical vulnerability in industrial control software

China is not our friend, why are we feeding the hand that bites us? Why aren’t we keeping these discovered Chinese vulnerabilities to ourselves in case we might actually need to use them in the event of escalated hostilities with China?

/and just when did the DHS become the CDHS, Chinese Department of Homeland Security, protecting the homeland of a hostile country?

Weakest Link In The Chain

Who’s running the show here, Microsoft?

Cyber Command chief suggests Pentagon networks are vulnerable

In his first hearing before the House Armed Services Committee, new US Cyber Command head Gen. Keith Alexander offered a troubling window into the threats that Pentagon networks face at the hands of terrorist and criminal syndicates, foreign intelligence organizations, and “hacktivists” intent on infiltrating power grids and financial networks.

These are threats that could hamper the US war effort in Afghanistan. Though the command recently deployed an “expeditionary cybersupport” unit to help to defend US networks in Afghanistan, Alexander on Thursday told the committee: “We’re not where we need to be” in ensuring the security of US military networks there.

In the past, cyberattackers have been able to steal key information from the US troops who rely on sophisticated equipment, including data on convoy supply routes, according to senior US officials.

Every hour, there are some 250,000 attempted attacks on Defense Department networks worldwide, Alexander told the committee. Throughout the Department of Defense, there are more than 15,000 different computer networks, including 7 million computers on some 4,000 military installations, committee chairman Rep. Ike Skelton (D) of Missouri pointed out.

See also:
Cybercom Chief Details Cyberspace Defense
Pentagon Faces Massive Cyber Threats
Military’s cyber defense limited in protection of US, top general says
Gaps in authority hamper military against cyber-attacks
Pentagon: Military networks vulnerable
Cyber Command chief proposes secure network for government, key industries
US reviewing ways to fight cyber attacks: general
Cyberwar Chief Calls for Secure Computer Network
An army of tech-savvy warriors has been fighting its battles in cyberspace
NSA chief envisions ‘secure zone’ on Internet to guard against attacks
White House reviews nation’s cybersecurity

Well, obviously, for starters, you could solve most of these problems by severing all connections between critical defense and infrastructure networks and the public internet. I’m pretty sure they already know that, so I’m not sure why this basic step has yet to be completed.

/today’s U.S. warfighters are so dependent on electronics that I sometimes wonder what would happen if, say an EMP attack disabled all their electronic gear, are they even trained to fight the old fashioned way anymore or would they be helpless?