Cyber Sabotage is yet another new wrinkle in the emerging threats from cyber space. Whether delivered over the internet or purposefully installed during the manufacturing process, contaminated hardware or software is now a concern. Sabotage is defined as deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information.
The Department of Defense operates and estimated 3.5 million PCs and 100,000 local-area networks at 1,500 sites in 65 countries. In one study a common piece of network equipment sold by a US company was found to have nearly 70 percent of the components produced by foreign suppliers. This equipment is critical to our security as well as our economy. If we cannot trust the computer equipment out of the box, then where are we? At this point it would be impractical to validate each and every computer before we place it into operations.In the commercial sector cyber sabotage could be used to attack competition and steal market share. In 2007 there were an estimated 269 million PCs shipped worldwide. Just imagine the backlash if a saboteur was able to contaminate the master software file used to image all the computers produced by the huge computer manufacturer HP. The millions of computers they ship each month could pose a significant threat to the business customers, and consumers and could even pose a national security threat. If that is not bad enough, can you imagine the impact of HPs stock if such an event were ever to happen. Now it should be noted that computer manufactures all have security controls in place to guard against such malicious acts. But then again, I am sure Seagate and Insignia would have said the same thing.
Offshore manufacturing diminishes our ability to control and monitor the manufacturing process for computers and related equipment. However, these malicious acts can occur even if all manufacturing is done in the United States. Insiders are thought to be involved in nearly 80 percent of security breaches that occur each year and who knows what percentage of the $1.5 trillion a year in corporate espionage. The fact is no matter what you do, what technology you use and how careful you are, you cannot be 100 percent sure you have managed all your risks.
Here are a couple of recent examples:January 2008 Digital picture frames were one of the hot items for this holiday season. However, some of them came with an unexpected surprise. Insignia NS-DPF10A digital picture frames connect to computers via the standard USB port. The digital picture frames were contaminated with a computer virus during the manufacturing process according to a notice posted on the company's website.
November 2007 Seagate Maxtor Basics Personal Storage 3200 hard drives were infected with a Trojan Horse virus. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase. Intelligence reports that the Trojan was designed to copy information on the computer and send it to a Beijing web sites without the user's knowledge.July 2007 A space program worker deliberately damaged a computer that was supposed to fly aboard the shuttle Endeavour in less than two weeks. This was an act of sabotage that was caught before the equipment was loaded onto the spacecraft.
-- Kevin Coleman