Friday, April 25, 2008

Cybersecurity Bypassed Through Backdoor?

I ran across an interesting article yesterday on It tells the story of a potentially serious security breach of government computer systems. It seems that some contractors updating government IT systems found a real good, cheap source for Cisco routers, those high-tech, high-cost keys to successful computer systems. It seems that these ‘Cisco’ routers had never been in a Cisco facility; they were counterfeits manufactured in China.

The fear is that there may be undetectable back door access designed into these systems to allow the Chinese government or Chinese gangs into these secure networks. At this point no one knows what may have been compromised or may be compromised in the future. Not good.

Effect on Chemical Facility Security?

So, what does this have to do with chemical facility security? Anyone who has been in the chemical industry in the last 10 years knows that the Chinese chemical industry is growing by leaps and bounds. Some of that growth is in partnership with American and European chemical companies; a large portion is in competition with American and European chemical companies.

While most of the discussions about chemical facility security in recent years have dealt with the threat from terrorist attack, facilities still need to worry about protecting their business from a variety of economic attacks. Those attacks could be theft of critical formulas and technology or disruption of production to gain economic advantage. A recent CIA report highlighted the threat of extortion as another recently seen method of attack.

While few chemical facilities will be acquiring high-end Cisco servers, they will frequently replace, upgrade or install new computer equipment. With the problem the government is having finding the holes in these suspect systems, what is a chemical company with a small IT department to do? The best defense is to only buy equipment from reputable suppliers and be wary of bids for electronic systems that are priced too low; the deal may be really bad.

Is This the Only Problem?

With more and more equipment being manufactured in China, we might need to worry about more than just counterfeits. China is making everything from chips to desktop and laptop computers. While much of that production is for internal consumption, the Chinese are actively marketing these products in the United States.

While there have been some reports of Chinese hardware coming complete with viruses, there have, as yet, been no reports suggesting that Chinese computers and peripherals have been designed with the same sort of back doors that have been reported in the Cisco counterfeits. That may be just because no one is looking.

It may be just a little bit of paranoia on my part, but I would be very leery of hooking up a Chinese-manufactured computer to my security-sensitive computer network, especially anything connected with SCADA or dedicated safety systems. I would hate to find out the hard way that I had allowed the Chinese military or criminals access to my sensitive systems.
