      10-04-2018, 07:43 PM   #5
c1pher
Quote:
Originally Posted by zx10guy
Issues of supply chain interception have been a real problem for a lot longer than what has been cited in this article. Those that have worked in IT at some capacity for the Federal government have known this is a major risk for at least a couple of decades. This is why pretty much all Federal agencies require hardware sold to them be TAA compliant where the equipment has been substantially "transformed" in a country deemed friendly to the US. There's also BAA compliance where the equipment has been US made.

Cisco got hit by counterfeit parts that were injected into legitimate supply chains. This came to light back in 2008.

https://www.infoworld.com/article/26...isco-gear.html

The public knowledge of this was premature as someone leaked the FBI slide deck going over their investigation into the problem. This pushed the FBI to move a lot sooner on entities/individuals they have been watching. The slide deck is still hosted here:

http://www.andovercg.com/datasheets/...08-01-11-a.pps

Looking through the slide deck, there is a picture of the WIC T1 WAN card used in Cisco ISR routers. I've personally worked with these cards. Without the FBI comparison of the genuine and counterfeit cards, I would have no idea which was real or genuine. The fakes were that good. The only tip off of why Cisco started to look into this issue was a spike in component failures.

The Bloomberg article also cited two companies, Huawei and ZTE. Huawei was caught copying code Cisco used in their IOS software. Huawei has also been under tight scrutiny by many western nations for their close ties to Chinese Intelligence. This threat is such a concern where Australia banned the use of Huawei equipment in the major refresh of their telecom systems. The US Feds stepped in when they found out Sprint was going to purchase Huawei equipment.

This is the consequence of us freely allowing a hostile country to manufacture most of the electronics we use to save a few bucks.
TAA compliance is misleading reassurance.