The Complex

The U.S. Might Be Buying Weapons With Enemy Access Built In

It's bad enough that U.S. intelligence officials are constantly discovering new plans to insert spyware and back doors into the Defense Department's supply chain. But what may be worse is that American analysts are only discovering indirect evidence of this infiltration, according to a senior DOD intelligence official. The back doors themselves remain maddeningly hard to find.

"Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said David Shedd, deputy director of the Defense Intelligence Agency during a speech at the Aspen Security Forum in Colorado on July 19.

DIA is finding more and more plots to deliver these parts through front companies that are "the instrument of the hostile service that's guiding and directing them," Shedd told Killer Apps during the forum.

"My concern is that our adversaries -- and they're multiple in the supply chain context -- have been very active for a very long time," David Shedd, deputy director of the Defense Intelligence Agency told Killer Apps at the Aspen Security Forum in Colorado. "We're finding things, not in the supply chain itself but plans and intentions through" front companies posing as legitimate DOD parts suppliers.

This is hardly a new threat. (Yours truly has written about the epidemic of counterfeit parts poisoning DOD supply chains since 2008.) A 2011 Senate investigation discovered an unbelievable number of fake semiconductors in brand-new DOD weapons such as the Navy's P-8 Poseidon sub-killing plane and anti-ICBM missiles used by the Missile Defense Agency. Perhaps unsurprisingly, the vast majority of the parts were found to come from China.

In addition to the obvious safety threat posed by, say, fake aircraft bolts or wiring harnesses, one of the main dangers to the supply chain is that spyware or back doors can be built into critical electronic circuits. Spyware and back doors could allow an enemy to easily monitor U.S. operations or even disable American weapons systems.

Israel is rumored to have used digital back doors planted in the software of Syrian air defenses to disable their radars during its 2007 air strike against the Dayr as-Zawr nuclear facility.

Just as scary as the fact that this kind of espionage has been going on for years is the fact that the massive advantage the U.S. military has in hardware and manpower doesn't exist in the digital world.

"As we learn more about our own cyber requirements and needs, we have a better understanding that the world is a flatter world in terms of what our adversaries can do in the supply chain," Shedd told Killer Apps. While DOD has poured counterintelligence resources at the problem, "I sense a little bit that it's insufficient" said Shedd during his speech.

"I'm generally an optimist, [but] in the supply chain area, I'm very concerned" given the fact that he doesn't truly know the full extent of adversary penetration into DOD weapons systems, said Shedd. "You don't know what you don't know and the old agage of the weakest link is obviously what we need to be concerned about."

Despite all this, there aren't enough people looking at the problem, and sequestration may make this worse.

"It's an area where I have a significant number of analytic resources attached to it and [this] is still less than adequate, in my personal view," said Shedd during his speech. "I'm trying to think about that in a time of fiscal austerity and all the rest because I'm trading it off with other missions that are critical."

You can bet this issue will see more and more attention as hardware becomes increasingly networked and therefore vulnerable to cyber attack. For all the noise about outsiders hacking American systems, the best way for a foreign adversary to get inside U.S. networks might be to ship some counterfeit parts with the spyware already built in.


National Security

U.S., European Spooks Meet to Discuss PRISM Data Swap

Representatives from the United States' intelligence community will meet with European Commission officials July 22 in Brussels to discuss the extent to which the National Security Agency conducted internet surveillance on European networks under the now famous programs leaked by Edward Snowden.

"We want to learn more about this system, how does it work, what does it do, and then make a sort of assessment and we'll see where all this leads," Gilles de Kerchove, the European Union's counterterrorism coordinator told Killer Apps at the Aspen Security Forum in Colorado.

"What we would like to have . . . is reassurance that these programs [have] limits, safeguards, are proportional, that they are for counter terrorism only and not economic intelligence," said de Kerchove during a speech on July 19 at the forum. "We want to see if there is room for improvement, we don't reject" the idea of the program. Instead, the EU wants to make sure the information is collected lawfully and is held in a secure manner so there are no more large scale leaks. He then referred to the now joint US-EU effort called the Terrorist Finance Tracking Program (TFTP) as an example of intelligence collaboration between the two sides of the Atlantic.

TFTP started as an American intelligence program aimed at monitoring the Brussels-based bank information-sharing organization, SWIFT, with the intent of tracking terrorists' financial transactions around the world. The TFTP program was expanded to a joint operation after it was publicly revealed that the US was obtaining information on European bank transactions.

While Monday's meeting is meant merely to inform EU officials about the extent to which the United States is spying on their networks, it might -- might -- lead to more information sharing between the U.S. and Europe, according to de Kerchove.

While the two sides "will not enter into negotiation on a formal arrangement" on transatlantic sharing of information contained in the NSA's PRISM database, part of the goal of the talks for European officials is to make sure that the US will share intelligence gathered under its Internet spying programs, according to de Kerchove.

EU officials want to make sure that "if, through PRISM, the US intelligence community gets some relevant information -- which, together with satellite interception, human source or some other program -- leads to something that is meaningful for one member state in Europe, they will share it," de Kerchove told Killer Apps.

Just yesterday, German newspaper Der Spiegel revealed a "prolific" and growing partnership between German intelligence agencies and the NSA in the gathering and sharing of electronic intelligence, including Internet data such as search engine queries.

De Kerchove acknowledged during his speech that most European government officials, "in the back of their mind, know that the US is collecting a lot of data . . . and we know that a lot of information that has helped us foil [terrorist] plots was provided by the Americans."

So much for all the anger expressed by continental leaders when, in the non-news of the year, the NSA was revealed to be spying on Europe.

(Still, de Kerchove's speech came the same day the EU announced an increased push to ensure that European Internet data is held to European privacy standards even when it is handled by US-based companies.)

At the end of the day, it looks like all of the sturm und drang over the NSA's Internet spying programs might be set to invoke greater intelligence sharing between the US and Europe.
