Vulnerabilities in global supply chains open opportunities for foreign adversaries to exploit U.S. critical infrastructure via cyber warfare, according to Director of National Intelligence James Clapper.
In his prepared testimony at a Senate Select Intelligence Committee hearing this week, Clapper wrote:
The U.S. and other national economies have grown more dependent on global networks of supply chains. These web-like relationships, based on contracts and subcontracts for component parts, services, and manufacturing, obscure transparency into those supply chains. Additionally, reliance on foreign equipment, combined with a contracting pool of suppliers in the information technology, telecommunications, and energy sectors, creates opportunities for exploitation of, and increased impact on, US critical infrastructures and systems.
Interdependence of information technologies and integration of foreign technology in US information technology, telecommunications, and energy sectors will increase the potential scope and impact of foreign intelligence and security services' supply chain operations. The likely continued consolidation of infrastructure suppliers -- which means that critical infrastructures and networks will be built from a more limited set of provider and equipment options -- will also increase the scope and impact of potential supply chain subversions.
Such a statement probably wouldn't surprise defense contractor Lockheed Martin.
Last November, senior Lockheed cyber officials said that as the company works to bolster its defenses against cyber attacks, adversaries are eying the company's supply chains. As InsideDefense.com reported:
Chandra McMahon, Lockheed Martin's vice president and chief information security officer for enterprise business services, said adversaries are focusing more on the supply chain to steal information for use in attacks on Lockheed. These adversaries have been successful, leading Lockheed to extend some initiatives to help its suppliers improve their cyber resilience, McMahon said at the National Press Club.
McMahon pointed to an attack last year that she termed a "double supplier compromise." An unnamed adversary was able to get information from Lockheed supplier RSA and from another supplier and put those pieces together to launch an attack against Lockheed, she said, though the company was able to stop the attack before losing any data.
To view the full story, click here.
-- John Liang