The director of the National Security Agency (NSA) acknowledged an “aspect of risk” Wednesday in government agencies using computer technology that is manufactured abroad.
Adm. Mike Rogers appeared to agree with a concern raised by Rep. Jim Cooper (D-Tenn.) on that hardware from outside the United States could arrive containing malicious software.
{mosads}“There is clearly an aspect of risk to it. I think that’s a fair statement,” Rogers said in an exchange with Cooper during a House subcommittee hearing.
Cooper suggested that defense agencies should increase their use of U.S.-made technology in light of news that China-based computer maker Lenovo shipped laptops prepackaged with malware.
“More domestic manufacture … Within the department, we try to take a look at that,” said Rogers, the head of the U.S. Cyber Command.
Rogers added that defense agencies do consider the origin of hardware when deciding which systems should serve which purposes. A network that deals with employee morale programs is somewhat less sensitive than others, he said by way of example.
The risk of Trojan horse software in new computers is a real one.
In addition to the Lenovo example, the New York Times reported in January that the NSA installed software on nearly 100,000 computers around the world in order to conduct surveillance.
And Tuesday, news broke that millions of computer users are vulnerable due to an encryption flaw known as “FREAK,” which became widespread after an old U.S. policy forbade the export of strongly encrypted devices.
Rogers emphasized Wednesday that the NSA tests all of its hardware and software for vulnerabilities prior to use.
“We don’t automatically assume it is perfectly secure,” he told the House Armed Services Subcommittee on Emerging Threats and Capabilities.
“I don’t mean to imply that it is nefarious … [But] it’s not in our best interest to always assume that we’ll never have any issues.”
Updated at 7 p.m.