Confirming years of warnings from government and private security experts, a top Homeland Security official has acknowledged that computer hardware and software is already being imported to the United States preloaded with spyware and security-sabotaging components.
The remarks by Greg Schaffer, the Department of Homeland Security's acting deputy undersecretary for national protection and programs, came Thursday during a tense exchange at a hearing of the House Oversight and Government Reform Committee. The panel is considering an Obama administration proposal to tighten monitoring and controls on computer equipment imported for critical government and communications infrastructure.
Schaffer didn't say whether the equipment he was talking about included end-user consumer tech like retail laptops, DVDs and media players. If so, his comments, first reported Friday morning by Fast Company, would be the first time the United States has publicly confirmed that foreign consumer technology is arriving in the country already loaded with nasty bugs like key-logging software, botnet components and even software designed to defeat security programs installed on the same machine.
Schaffer made the statement under questioning from Rep. Jason Chaffetz, R-Utah, who noted that "the issue of software infrastructure (and) hardware built overseas with items embedded in them already by the time they get to the United States ... poses, obviously, security and intellectual property risks."