The Department of Defense uses computer hardware, firmware and software in almost every aspect of its mission. This usage continues to expand as technology improves and the research and development community identifies new ways where technology can improve the lethality of the military while also helping to support the Soldiers, Sailors, Airmen, and Marines. Very few of these systems are built from the ground up for a specific military purpose. Even where the overall system is built by or for the government, it is often constructed from commercially procured parts. The further away it is from the battlefield, the more the computer technology resembles that which is used by industry and governments across the globe. Laptops, desktops and government operated servers all use “Commercial, Off-the Shelf, Technologies” (COTs). DoD and Federal agency partners are also supported by commercial cloud providers, including implementing commercial cloud solutions on classified networks.
Cyber security professionals will tell you that if “If the adversary becomes your supply chain, you can’t defend it.” This is the reason DoD spends time and money on cyber security training, scanning of machines, and numerous other efforts to keep malicious actors from gaining access and “owning” your computer. There are locks on the doors, security check points at the entrance to the post/camp/station where your office is, standard configuration guides, and numerous other practices – all with the intention of keeping DoD’s data safe. As DoD and its partners become smarter about how to operate in a safe and secure manner, people who wish to do bad things search for innovative ways to by-pass all those safeguards to achieve their purpose. One demonstrated effective actions of our advisories is to infect the hardware, firmware or software before it comes into the possession of the DoD. The “Supply Chain” for parts, software, and whole systems can be a source of a security breach.
FTDI abuses Windows Update, pushing driver that breaks counterfeit chips
Watchdog finds just two DOJ agencies adhering to supply chain risk requirements
Biden to sign directive increasing scrutiny of foreign investment in U.S.
US orders Nvidia and AMD to stop selling AI chips to China
Commerce Announces Addition of 7 Chinese Tech Institutions to Entity List
LinkedIn Profiles Indicate 300 Current TikTok And ByteDance Employees Used To Work For Chinese State Media – And Some Still Do
Congress Wants Answers on a ‘Significant’ Cyberattack on Courts
FBI found Huawei equipment in Midwest could disrupt US nuclear communications: CNN
CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications
TikTok Global Chief Security Officer Steps Down in Reorg to ‘Minimize Concerns’ Over U.S. User Data