The federal government has identified technology components in the U.S. supply chain that have been embedded with security flaws, the top U.S. civilian cybersecurity official said Thursday.
Greg Schaffer, acting deputy undersecretary of the Homeland Security Department National Protection and Programs Directorate, confirmed the threat during a House Oversight and Government Reform Committee hearing on cybersecurity. At the time of a January federal report on the U.S-China supply chain, conversations had been largely hypothetical about "backdoor" mechanisms, where outsiders insert faulty programming into foreign-manufactured devices to, for example, shut down systems remotely or leak information.
"These pieces are embedded in software and hardware and people don't know that. It's very difficult to detect," said Rep. Jason Chaffetz, R-Utah, chairman of the Subcommittee on National Security, Homeland Defense and Foreign Operations. "Are you aware of any software or hardware components that have been embedded with security risks?" he asked Schaffer.
</div>
http://www.nextgov.com/nextgov/ng_20110707_5612.php