Incident Highlights Supply Chain Management Issues

This was written by Jack Mann on Wednesday, November 25, 2009, 11:58.

One of the central worries for cyber security professionals is the issue of supply chain management, namely ensuring that hardware and software produced abroad is not pre-infected with added features to allow future access by a foreign power. This issue was highlighted recently when a California man plead guilty to charges that he sold counterfeit computer chips to the US Navy.

From 2007 to 2009, the man, along with two accomplices, imported chips from China and sold them to the US Navy. The group would re-brand the chips to make them appear to be of better quality or different brands. The group imported over 13,000 chips worth over $140,000.

The incident demonstrates some critical issues cyber security professionals are presently facing. With the globalized market, it is often difficult to ensure that any software or hardware that is produced and purchased abroad has not been tampered with. In this incident, it does not appear that malware was included on the chips. However, the potential for massive data breaches from supply chain problems is one that has no effective redress at present.