It's bad enough that U.S. intelligence officials are constantly discovering new plans to insert spyware and back doors into the Defense Department's supply chain. But what may be worse is that American analysts are only discovering indirect evidence of this infiltration, according to a senior DOD intelligence official. The back doors themselves remain maddeningly hard to find.
"Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said David Shedd, deputy director of the Defense Intelligence Agency, during a speech at the Aspen Security Forum in Colorado on July 19.
DIA is finding more and more plots to deliver these parts through front companies that are "the instrument of the hostile service that's guiding and directing them," Shedd told Killer Apps during the forum.
"My concern is that our adversaries -- and they're multiple in the supply chain context -- have been very active for a very long time," David Shedd, deputy director of the Defense Intelligence Agency, told Killer Apps at the Aspen Security Forum in Colorado. "We're finding things, not in the supply chain itself but plans and intentions through" front companies posing as legitimate DOD parts suppliers.
This is hardly a new threat. (Yours truly has written about the epidemic of counterfeit parts poisoning DOD supply chains since 2008.) A 2011 Senate investigation discovered an unbelievable number of fake semiconductors in brand-new DOD weapons such as the Navy's P-8 Poseidon sub-killing plane and anti-ICBM missiles used by the Missile Defense Agency. Perhaps unsurprisingly, the vast majority of the parts were found to come from China.
In addition to the obvious safety threat posed by, say, fake aircraft bolts or wiring harnesses, one of the main dangers to the supply chain is that spyware or back doors can be built into critical electronic circuits. Spyware and back doors could allow an enemy to easily monitor U.S. operations or even disable American weapons systems.
Israel is rumored to have used digital back doors planted in the software of Syrian air defenses to disable their radars during its 2007 air strike against the Dayr as-Zawr nuclear facility.
Just as scary as the fact that this kind of espionage has been going on for years is the fact that the massive advantage the U.S. military has in hardware and manpower doesn't exist in the digital world.
"As we learn more about our own cyber requirements and needs, we have a better understanding that the world is a flatter world in terms of what our adversaries can do in the supply chain," Shedd told Killer Apps. While DOD has poured counterintelligence resources into the problem, "I sense a little bit that it's insufficient," said Shedd during his speech.
"I'm generally an optimist, [but] in the supply chain area, I'm very concerned" given the fact that he doesn't truly know the full extent of adversary penetration into DOD weapons systems, said Shedd. "You don't know what you don't know and the old adage of the weakest link is obviously what we need to be concerned about."
Despite all this, there aren't enough people looking at the problem, and sequestration may make this worse.
"It's an area where I have a significant number of analytic resources attached to it and [this] is still less than adequate, in my personal view," said Shedd during his speech. "I'm trying to think about that in a time of fiscal austerity and all the rest because I'm trading it off with other missions that are critical."
You can bet this issue will see more and more attention as hardware becomes increasingly networked and therefore vulnerable to cyber attack. For all the noise about outsiders hacking American systems, the best way for a foreign adversary to get inside U.S. networks might be to ship some counterfeit parts with the spyware already built in.