In Case You Thought You Had Secrets
We read labels on food packages before we eat the contents because we want to make sure that everything inside is what we think it is.
We trust the FDA to enforce the rules of labeling food products. Cigarettes too contain labels with dire warnings of the potential consequences of purchase.
According to a recent GAO report, we may need to require labels on all of our Information Technology purchases too. Laptops, iphones or prepackaged software could contain malware, logic bombs, or other ingredients that may not be safe for our (U.S.) consumption.
Electronic gadgets as well as information systems used by the Department of Defense could contain electronic circuitry supplied by so-called hostile agents.
By its own admission, the US Government, including Homeland Security, Energy and Defense has inadequate security in place against the infiltration of malicious software into the supply chain.
The government purchases components from suppliers scattered throughout the world, which makes it impossible to insure that these products are 100% safe to consume.
Without supply chain protection measures, maybe we need labels on these products as a stopgap measure. If we know that components manufactured in suspect countries reside in a laptop computer that we are considering purchasing, at least we will be forewarned of the possibility of attack.
On the other hand, there could be a hostile agent working in the midst of our own Silicon Valley right now embedding bad things into microchips destined for hardware used by the Dept. of Defense.
In March, CBS’s 60 Minutes told us about the 2010 cyber attack on the Iranian nuclear program. Through the introduction of a computer virus called Stuxnet, equipment used in the enrichment of uranium was caused to malfunction. Estimates state that the Iranian nuclear program was set back by several months, possibly years, due to the virus. This is a stunning example of what can be accomplished through cyber stealth.Continued on the next page