IN THE NEWS
New Supply Chain Cybersecurity Threats Emerge
August 27, 2018
For reasons of speed and efficiency, the U.S. government transacts electronically with important suppliers of goods and services, giving them access to specific systems to exchange routine business information. Aware of this vulnerable entry point, hackers representing nation states like China and Russia regularly attack these suppliers to infiltrate government systems.
This is old news. A novel means to penetrate the country’s cyber defenses has surfaced — Chinese-made mobile phones. The Federal Bureau of Investigation, Central Intelligence Agency, and National Security Agency have warned American consumers not to use smartphones made by ZTE and Huawei, two Chinese smartphone manufacturers. The phones’ software may have been modified for intelligence gathering.
The country’s leading national security organizations are concerned that millions of Americans could use these smartphones to buy products from a company that also sells to the government. Assuming the device is embedded with malware, the consumer may inadvertently open a back door into the supplier’s systems, the malware worming its way to the system providing access to the government. So far this year, two such supply chain attacks allegedly perpetrated by Chinese hackers have occurred, according to Crowdstrike’s 2018 Threat Report.