Neil Ungerleider of Fast Company has noted a very interesting exchange that occurred at Friday’s hearing of the House Oversight and Government Reform Committee. Asked directly by Rep. Jason Chaffetz (R-UT) whether there was a threat that imported software, hardware, and software components had been tampered with and malware embedded within them, Greg Schaffer, the Department of Homeland Security’s acting deputy undersecretary for national protection and programs, very uncomfortably answered in the affirmative.
You can see the exchange starting at 51:40.
Outside experts have spoken about this threat for a long time, and government officials often speak of the potential threat (see this speech by DoD Deputy Secretary William Lynn III and testimony by former DHS Deputy Under Secretary Philip Reitinger), but you rarely, if ever, get a sitting official to explicitly state that, yes, “I am aware that there are instances where that happened.” The hearing did not get very far in discussing solutions. When Rep. Chaffetz asked what the administration is doing to defend against these threats, Schaffer replied that this was one of the most complicated problems since lots of information technology is manufactured outside of the United States. Chaffetz said he knew that, and then moved on to another question about public-private partnerships.