Imagine this scenario: a military communications facility is transmitting mission-critical information to forward-deployed ground troops and using sophisticated measures to prevent adversaries from hacking into the communications system. Yet adversary hackers are still able to gain access to the critical information by exploiting a backdoor embedded in one of the thousands of hardware components that make up today’s complex communications systems.
While this scenario is hypothetical, the risk of tainted or vulnerable components in mission-critical systems is all too real.
The US government is one of the largest customers of information and communications technology (ICT) in the world. It’s projected to spend over $78 billion on information technology in 2015, more than 2 percent of the world’s anticipated expenditures on ICT this year — as predicted by market research firm International Data Corporation. Notably, the President’s 2016 budget calls for an increase in federal IT spending to $86.4 billion.
The federal government’s ICT investments, however — as the Computer Security Division of the National Institute of Standards and Technology (NIST) recently recognized — are increasingly reliant upon lower-cost and commercially competitive technology “with a complex, globally distributed and interconnected supply chain ecosystem that is long, has geographically diverse routes and consists of multiple tiers of outsourcing.” This increased reliance presents considerably increased cybersecurity risks due to the lack of direct interaction with, and control over, the many potential vendors (or counterfeiters) in the ICT supply chain that could intentionally or inadvertently insert a hardware or software vulnerability, backdoor or fault in one of the ICT solution components.
Read the complete report in the June/July Homeland Security Today: http://www.nxtbook.com/nxtbooks/kmd/hst_20150607/#/14