Defense Department employees have procured thousands of printers, cameras and computers that carry known cybersecurity risks, and the practice may be continuing, according to an audit released Tuesday by the Pentagon’s inspector general.
More than 9,000 commercially available information technology products bought in fiscal 2018 could be used to spy on or hack U.S. military personnel and facilities, the report said. Without fixing oversight of such purchases, more risks lie ahead, potentially including perils for top-dollar weapons that use such “commercial-off-the-shelf” or COTS devices.
Despite cybersecurity concerns that U.S. Department of Defense strategists have admitted “keep them awake at night,” a review by the U.S. military’s Inspector General has found that significant purchases of “COTS information technology items with known cybersecurity risks” were made last year. It is estimated that “70 to 80% percent of the components that comprise DOD systems are COTS items.”
The heavily redacted IG report highlights “at least” $33 million of Government Procurement Card purchases of equipment from the likes of Lenovo, Lexmark and GoPro. As a result, it warns, “adversaries could exploit known cybersecurity vulnerabilities that exist in COTS items, and missions critical to national security could be compromised.”
The risks identified refer to “micro-purchases” of less than $10,000 an item. This does not include the traditional defense acquisition process but instead “fixed-price commercial...
Few Americans have experienced China like Jonathan D. T. Ward who speaks Chinese and crisscrossed the Middle Kingdom. Dr. Ward earned his PhD in China-India relations at the University of Oxford and founded the Atlas Organization, a consultancy focused on the rise of China and India, the new geopolitics of the Indo-Pacific, and US-China global competition. His new book China’s Vision of Victory describes how the Chinese Communist Party is guiding a country of 1.4 billion people towards what it calls “the great rejuvenation of the Chinese nation,” and, with it, the end of an American-led world.
Roslyn Layton spoke with Dr. Ward about his new book and its key takeaways including the importance of economic competition, building a global economic alliance...
Chinese telecommunications giant Huawei secretly helped the North Korean government build and maintain a wireless network, The Washington Post reported Monday.
Internal documents obtained by the outlet show Huawei worked with Chinese state-owned firm Panda International Information Technology for at least eight years on a variety of projects.
The partnership reportedly makes it difficult to discern Huawei’s involvement in the projects.
Read more here.
A former Huawei employee shared detailed spreadsheets, telling the Post that the information is of public interest. Others shared past work orders and contracts. Taken together, the...
Lenovo has confirmed that a “high severity” security vulnerability has left users of specific network-attached storage devices with data exposed to anyone who went looking for it. How much data? How does at least 36TB grab you? That’s the number that the security researchers who uncovered the vulnerability in the Lenovo-EMC storage products put on the data leak at the time of the discovery.
According to the Vertical Structure report, security researchers found “about 13,000 spreadsheet files indexed, with 36TB of data available. The number of files in the index from scanning totaled 3,030,106.” Within these files, the report reveals, a “significant amount” with sensitive financial information including card numbers and financial records were found.
It is well known that the Chinese government has the country on lockdown: people are monitored 24/7 with millions of CCTV cameras; the “Great Firewall of China” blocks access to unapproved content and tracks attempts to circumvent it; municipal party leaders keep tabs on citizens. All networks and equipment are operated by companies either owned by the government or are beholden to them.
All surveillance data is aggregated into a unified system of social credits intended to standardize the assessment of the social and financial reputations of individuals and firms.
People who don’t live up to the Chinese government standards are sent to “transformation-through-education” or reeducation camps and generally are denied due process to defend their activities, according to Amnesty International. In practice, not a single bit of information moves outside of the government’s purview.
It’s curious then why more cyberattacks originate from China than any other nation. Indeed, if China was so concerned about law and order, they could...
Chinese tech giant Huawei wants to help construct Germany’s 5G network. The new technology will radically increase mobile internet speeds. A Chinese company, in other words, is aiming to bring Germans faster internet access.
Ironically, China’s government has done everything in its power to isolate the country’s internet and social media platforms from the outside world. It has deployed state of the art technology to hamper the ability of Chinese people to learn what is happening in Germany and elsewhere around the globe.
China does everything it can to block access to information, particularly from the foreign press. So letting a Chinese firm build Germany’s 5G network is...
Intelligence officials believe China may have been behind a massive data breach which compromised the personal details of thousands of Australian National University students and staff.
The Sydney Morning Herald reports that senior intelligence officials have pointed the finger at China as one of only a few countries capable of pulling off the hack, which compromised up to 19 years’ worth of personal data from students and staff.
The ANU revealed the breach on Tuesday, with vice-chancellor Brian Schmidt saying the university had detected an “unauthorised access to significant amounts” of data including the bank numbers, tax details, academic records and passport details of students and staff dating back almost two decades.
The Australian Signals Directorate said the hack appeared to be the work of a sophisticated actor, and now intelligence officials are reportedly pointing the finger...
Supply chain vulnerabilities have leapt to national attention thanks to concerns about Chinese companies Huawei and ZTE, the subsequent ban of their products from use by the federal government, and President Donald Trump’s adding Huawei to a list of entities with whom U.S. companies are prohibited from doing business.
While those actions address some of the supply chain risks from some companies, one-off bans of problematic companies will not be sufficient to protect the country. As Federal Chief Information Security Officer Grant Schneider notes, these are merely “whack-a-mole solutions to a challenge that we need a far more systemic approach to.”
The good news is that government officials are finally starting to pay attention to the vulnerability of their supply chains. Last year, the Department of Homeland Security formed an Information and Communications Technology supply chain task force filled with representatives from both the public and the private sectors. A law passed last December led to the creation of the new Federal Acquisition Security Council, which held its first meeting last month. And the White House recently released an executive order prohibiting the acquisition or use of any information and communications technology or service coming from a company deemed a national security threat.
The U.S.-China trade war is making headlines, but the most important aspect of the long-term economic competition with China isn’t soybeans or natural gas, it’s technology. The dual flashpoints of economic espionage and backdoor surveillance could precipitate the great uncoupling of the world’s two largest economies.
Although American politicians have just started to pay attention, China has been engaged in a decades long, systematic, state-sponsored effort to steal U.S. technology. Beijing has relied heavily on stolen trade secrets and intellectual property to build its own indigenous manufacturing and technology base. Recent U.S. intelligence community estimates suggest that China employs 30,000 military cyber spies and 150,000 private sector cyber experts whose job is to steal foreign secrets and technology.
As China has caught and even overtaken the competition in critical technologies, the United States and other countries have taken notice. In 2015, the Obama...
