Malicious code in the IT supply chain threatens federal operations

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/nextgov/ng_20120323_1655.php

By Joseph Marks
Nextgov
03/23/2012

Agencies that deal with national security data and programs must do more 
to secure their information technology supply chains, a government 
watchdog said Friday.

Federal agencies aren't required to track "the extent to which their 
telecommunications networks contain foreign-developed equipment, 
software or services," the Government Accountability Office report said, 
and they typically are aware only of the IT vendors nearest to them on 
the supply chain, not the numerous vendors downstream.

That has left IT systems at the Energy, Homeland Security and Justice 
departments more vulnerable to malicious or counterfeit software 
installed by other nations' intelligence agencies or by nonstate actors 
and hackers.

U.S. enemies could use that malicious software to secretly pull 
information from government systems, erase or alter information on those 
systems, or even take control of them remotely.

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.  Get a free live class invite weekly.  Best
program, best price. www.ExpandingSecurity.com/PainPill