Retired U.S. Army Gen. Wesley Clark recently gave the keynote address at the Cybertech Midwest convention in Indianapolis. In it, he drew on his personal military experience to discuss the evolution of cyber threats over the last two decades. Gen. Clark highlighted how hostile actors from foreign nations often attack soft targets more so than hard targets, because it is easier to pull off. He emphasized there is no overarching strategy for cybersecurity in the U.S. and the need for greater public awareness; rather than concealing the impact of cyber threats, we actually need to be explaining it to people. He also identified Russia, China, North Korea and Iran as the most prominent nations fighting America in the cyber domain.
One key section of his speech highlighted the dangers of U.S. government agencies using Chinese hardware – specifically Huawei and Lenovo products:
“On the hardware side, if you buy equipment or chips from China, you don’t know whether or not they’ve been poisoned. … Huawei’s the big guy, it’s all over the news right now because the United States knows that with Huawei, if you buy Huawei equipment, there’s a backdoor in Huawei. So whatever’s coming through that server is available in a separate channel. They’re Chinese intelligence. And if you are buying something like a Lenovo personal computer, we sold Lenovo to the Chinese 10 or 12 years ago. And I remember when we did, I’m like, ‘Oh God, why would we do that?’ … Yes, they are manufactured in China, and if you work for the U.S. government, you’d better not have any Lenovo computers there because you don’t know what’s inside them.”
The timing of Gen. Clark’s warning about Lenovo is striking, given the Department of Defense Inspector General released a report less than a week later that flags the U.S. Army and Air Force for purchasing Lenovo computers despite “known cybersecurity risks.”
It’s beyond time that U.S. government officials read their own reports and take action on them. As Gen. Clark stated, “You have to extend the reach your protections into the supply chain and into the customer chain. Otherwise you can’t be protected.”