Information Security News mailing list archives
Malicious code in the IT supply chain threatens federal operations
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 26 Mar 2012 00:51:59 -0500 (CDT)
http://www.nextgov.com/nextgov/ng_20120323_1655.php By Joseph Marks Nextgov 03/23/2012Agencies that deal with national security data and programs must do more to secure their information technology supply chains, a government watchdog said Friday.
Federal agencies aren't required to track "the extent to which their telecommunications networks contain foreign-developed equipment, software or services," the Government Accountability Office report said, and they typically are aware only of the IT vendors nearest to them on the supply chain, not the numerous vendors downstream.
That has left IT systems at the Energy, Homeland Security and Justice departments more vulnerable to malicious or counterfeit software installed by other nations' intelligence agencies or by nonstate actors and hackers.
U.S. enemies could use that malicious software to secretly pull information from government systems, erase or alter information on those systems, or even take control of them remotely.
[...] ______________________________________________________________________________ Certified Ethical Hacker and CISSP training with Expanding Security gives the best training and support. Get a free live class invite weekly. Best program, best price. www.ExpandingSecurity.com/PainPill
Current thread:
- Malicious code in the IT supply chain threatens federal operations InfoSec News (Mar 25)