Malicious Code in the IT Supply Chain Threatens Federal Operations
March 23, 2012
Agencies that deal with national security data and programs must do more to secure their information technology supply chains, a government watchdog said Friday.
Federal agencies aren't required to track "the extent to which their telecommunications networks contain foreign-developed equipment, software or services," the Government Accountability Office report said, and they typically are aware only of the IT vendors nearest to them on the supply chain, not the numerous vendors downstream.
That has left IT systems at the Energy, Homeland Security and Justice departments more vulnerable to malicious or counterfeit software installed by other nations' intelligence agencies or by nonstate actors and hackers.