China’s Big Hack Heightens Pentagon’s Cyber Supply Chain Worries

  • Pressure will be on contractors to secure the systems they provide
  • Inspection requirements, risk of contract loss may result

The latest revelations about Chinese infiltration into U.S. computer systems are fueling fears about the security of the military’s systems and have the potential to alter the way the Pentagon acquires information technology.

Bloomberg Businessweek reported Oct. 4 that Chinese spies exploited vulnerabilities in the U.S. technology supply chain to infiltrate the computer networks of almost 30 U.S. companies. Apple and other companies named in the story have disputed the reports; Apple told Congress last week that its supply chain is secure.

The Trump administration has already sought ways to combat Chinese threats, including offensive measures. “The Chinese efforts to threaten us in cyberspace and across the information technology spectrum are a very high priority for us — countering them, establishing structures of deterrence to prevent China from even thinking about doing it, touches on the offensive cyber operations that the president has authorized,” National Security Council head John Bolton told reporters.

Under Pressure

Pentagon acquisition is likely to feel the pressure and pay the price. Contractors may find themselves held more accountable for the safety and security of the systems they provide, which could prove costly. Concerns about a “trojan chip” or software containing malicious code could force the Pentagon to implement some sort of screening procedure to inspect all computer hardware and software before it can be connected to a DOD network — another expensive prospect.

Contracts could also be at risk, or bidders knocked out of contention, if the Defense Department finds cybersecurity measures lacking. Asked whether a company’s insufficient cybersecurity could cause it to lose a federal contract, Thomas Michelli, the acting deputy chief information officer for cybersecurity at the Defense Department, told C4ISRNET, “I could see that happening, yes.”

Senior Pentagon officials say they are prepared to spend new money and take other actions to “selectively intervene” in the U.S. defense supply chain if they deem it necessary to protect the industrial base from “predatory” Chinese influence or market-driven failures, according to Inside Defense.

Risks associated with Chinese suppliers became a prominent factor in debate over the fiscal 2019 budget. “We were about to let a contract to one of our primes, and we found out that, in that division that we are going to contract to, Huawei was a joint venture partner,” Secretary of the Navy Richard Spencer said in testimony before the Senate Armed Services Committee in January. “And we turned around and said, ‘Whoa, stop the horses. We’d like to know what this means.’ Talked to the prime, the prime said, ‘No problem. We’re not going to use any of the assets of Huawei, nor its software.’ It was a very enjoyable call.”

“Then we said, ‘Great. Can we see the governance documents of the joint venture?’ And things got very frosty.”

Tracking Suppliers

A search using Bloomberg Government’s Contracts Intelligence Tool shows that DOD purchased about $4 billion of computer hardware in fiscal 2017. The results understate computer purchases because only prime contracts are counted, which doesn’t capture all of the hardware and software incorporated into complex IT systems that are often provided by a subcontractor or reseller.

BGOV data shows that CDW Corp. sold about $246 million in goods and services to the U.S. Army in fiscal 2017, mostly for desktops and mobile computing.

Once the top computer hardware vendors for the DOD were identified, Bloomberg Government used the supply chain function (SPLC) on the Bloomberg Terminal to examine which of CDW’s suppliers are based in China. The terminal data shows that CDW has 5 suppliers based in China.

An examination of the top 10 computer suppliers for DOD using the SPLC tool finds that four of these companies, CDW, HP Inc., Dell Inc., and General Dynamics Corp., have a total of 30 China-based companies as first-tier suppliers. HP and Dell share Shenzhen Laibao Hi-Tech Co., a maker of transparent glasses and color filters.

The threat from Chinese infiltration poses a daunting problem for the Pentagon. If it seeks to obtain all of its computer hardware only from trusted sources located in the U.S. or perhaps closely allied countries, it will take time to identify secure suppliers and is likely to cost a great deal of money.

To contact the analyst: Robert Levinson in Washington, D.C. at rlevinson@bgov.com

To contact the editors responsible for this story: Daniel Snyder at dsnyder@bgov.com; Jodie Morris at jmorris@bgov.com

The post China’s Big Hack Heightens Pentagon’s Cyber Supply Chain Worries appeared first on Bloomberg Government.