The Department of Defense is investing heavily in cloud-based computing that relies on software developed in China—the same country deemed a major cybersecurity threat to the United States.

 

In order to shift military operations to the cloud, the Pentagon must ensure the electronics utilized have not been tampered with. Some analysts say that could prove difficult to do, given the intricacies of coding and the fact that much of the equipment is Chinese-made. Hackers from China, possibly with connections to the government, have repeatedly infiltrated private sector and governmental systems in the U.S.

 

“Our clouds are running off of hardware that’s built in China,” Tom McAndrew, an executive at IT compliance firm Coalfire, who also is a Navy Reserve surface warfare officer specializing in weapons systems, told NextGov, “The challenge is—can you create a secure cloud running on top of nonstandardized, noncertified hardware?”

 

Members of Congress fear a “nightmare” situation where Asian manufacturers intentionally install a “backdoor” mechanism into military circuitry that allows enemies of the U.S. to shut down systems remotely or leak information.

 

Last summer, Greg Schaffer, acting deputy undersecretary of the National Protection and Programs Directorate in the Department of Homeland Security, told a congressional committee that security flaws have already been found in the U.S. supply chain originating in China.

-Noel Brinkerhoff

 

Defense Overhaul's Emphasis on the Cloud Carries Supply Chain Risks (by Aliya Sternstein, NextGov)

Threat of Destructive Coding on Foreign-Manufactured Technology Is Real (by Aliya Sternstein, NextGov)