via The National Journal
A top Department of Homeland Security official acknowledged on Thursday that some foreign-made components in American electronic devices have been found to be predesigned to allow cyberattacks.
“I am aware of instances where that has happened,” Greg Schaffer, who on June 5 was named acting deputy undersecretary at DHS’s National Protection and Programs Directorate, told a hearing of the House Oversight and Government Reform Committee.
After repeated questioning by Rep. Jason Chaffetz, R-Utah, Schaffer admitted that officials are aware of such tampering. The question of so-called “supply chain” security is controversial, given that many electronic components are manufactured overseas, but it is still unclear how pervasive the problem may be.
“Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions,” the White House’s Cyberspace Policy Review says.
Despite the risk, the White House plan does not aim to blame specific suppliers. “A broad, holistic approach to risk management is required rather than a wholesale condemnation of foreign products and services,” it recommends.
Schaffer was one of four top administration officials on hand Thursday to testify about the White House policy proposal, which calls for more information-sharing between private industry and government agencies and modifying the Federal Information Security Management Act to require continuous monitoring of government networks.