Cyber Sabotage

Cyber Sabotage

Cyber Sabotage is yet another new wrinkle in the emerging threats from cyber space. Whether delivered over the internet or purposefully installed during the manufacturing process, contaminated hardware or software is now a concern. Sabotage is defined as deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information.

The Department of Defense operates and estimated 3.5 million PCs and 100,000 local-area networks at 1,500 sites in 65 countries. In one study a common piece of network equipment sold by a US company was found to have nearly 70 percent of the components produced by foreign suppliers. This equipment is critical to our security as well as our economy. If we cannot trust the computer equipment out of the box, then where are we? At this point it would be impractical to validate each and every computer before we place it into operations.

In the commercial sector cyber sabotage could be used to attack competition and steal market share. In 2007 there were an estimated 269 million PCs shipped worldwide. Just imagine the backlash if a saboteur was able to contaminate the master software file used to image all the computers produced by the huge computer manufacturer HP. The millions of computers they ship each month could pose a significant threat to the business customers, and consumers and could even pose a national security threat. If that is not bad enough, can you imagine the impact of HP’s stock if such an event were ever to happen. Now it should be noted that computer manufactures all have security controls in place to guard against such malicious acts. But then again, I am sure Seagate and Insignia would have said the same thing.

Offshore manufacturing diminishes our ability to control and monitor the manufacturing process for computers and related equipment. However, these malicious acts can occur even if all manufacturing is done in the United States. Insiders are thought to be involved in nearly 80 percent of security breaches that occur each year and who knows what percentage of the $1.5 trillion a year in corporate espionage. The fact is no matter what you do, what technology you use and how careful you are, you cannot be 100 percent sure you have managed all your risks.


Rest of article at: http://www.defensetech.org/archives/003988.html?wh=wh