U.S. seeks to shut tech product backdoors

As part of a comprehensive cybersecurity push, the U.S. government will focus on improving its network defense capabilities and revamping acquisition rules to protect against malicious code installed during the manufacturing process of electronic devices.

The National Cybersecurity Initiative, announced in January, will replace the government’s outdated network perimeter defense system, officials from the U.S. Department of Homeland Security (DHS) and other agencies said at the cybersecurity conference held last month by the Information Technology Association of America. Cyberattacks have grown more sophisticated in the past year, says Melissa Hathaway, senior advisor for cybersecurity at the Office of the Director of National Intelligence (DNI).

(The Canadian government has earmarked over $100 million for the country’s own cybersecurity push.)

“We are faced with a dangerous combination of known and unknown vulnerabilities, strong adversary capabilities and very weak situational awareness at this time,” she says. “We see this as a growing economic and national security crisis.”

Government officials are increasingly concerned about hidden vulnerabilities and Trojan horses in commercial technology products, says Paul Schneider, deputy secretary at DHS. The U.S. government needs to better protect its supply chain, particularly when a growing number of tech products are produced overseas.

The U.S. government will work with private vendors to address those supply-chain concerns, he says. DHS is also looking at implementing stricter acquisition rules for tech products.

There have been examples of credit-card point-of-sale machines stealing credit card numbers and passwords, Hathaway notes. “We need to be more concerned about backdoors in the supply chain,” she says.

Another major concern is the U.S. government’s perimeter defense, officials say. The current perimeter defense scanner, nicknamed Einstein, was launched in 2004 and is a largely passive monitoring system, Schneider says.

“Simply put, [Einstein] is a flow-management system that lets us know after we’ve been attacked,” adds Neill Sciarrone, special assistant on cybersecurity in the White House. Einstein protected a small percentage of the access points to the federal government’s networks, adds Robert Jamison, undersecretary for national protection and programs at DHS. His agency is currently testing a new version of Einstein that would protect all of the government’s networks, he says.

The long-term cybersecurity initiative will focus on several other issues, including better sharing of information about cyberattacks and sharing government defense capabilities with private companies, officials say.

The government also will work on recruiting more cybersecurity experts to work for U.S. agencies and educating Internet users about vulnerabilities, they say.

(Grant Ross)
