Pages

Saturday, March 30, 2013

America creates legislation against Chinese espionage


A recent bill signed by President Obama, the Consolidated and Further Continuing Appropriations Act of 2013, states that certain federal agencies must first vet hardware and equipment being purchased from China to verify that it isn't compromised. Here's a blurb from the bill:



"Associated risk of cyber espionage or sabotage associated with the acquisition of systems, including any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People's Republic of China.” 

The Chinese pose a significant risk to the United States, or anyone else they're doing business with for that matter, by selling sabotaged equipment laden with code used to steal data or open backdoors to the potential trojanized hardware. This malicious malfunction of hardware becomes almost undetectable to the laymen operating the equipment.

I wrote about this concern a few years ago in a blog post regarding network card based rootkits that allow attackers to compromise a machine without the operating system being aware of the attacks. Over the summer we saw hardware based espionage concerns brought up against the networking and telecommunications hardware company Huawei and it doesn't come as a surprise to anyone that this is a Chinese based company. I think we have a trend here.

Overall, I'm happy we've seen the United States taking a stance against the Chinese in the cyber realm. They're still the elephant in the room, but at least we're no longer scared to point at it. With this new legislation and the brave research performed by Mandiant on nation state sponsored cyber espionage, I feel we're at least pointed in the right direction against the Chinese. They've been caught red handed and exposed for what they are (thieves) and we need to keep the pressure on them.

 [Slow golf clap to America]