Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

IT supply chain security weak at major US agencies, says GAO

Grant Gross | March 28, 2012
U.S. lawmakers called on three large U.S. government agencies, including the Department of Energy, to start monitoring their IT purchases for possible malware, counterfeits or other security flaws, after a watchdog agency pointed out potential vulnerabilities in their IT supply-chain procedures.

However, the GAO report suggested that merely looking at the country of origin of a piece of software or hardware may not be a good way to track possible supply-chain problems. U.S. intelligence agencies "offered the view that determining if a relationship exists between a supplier company and a foreign military or intelligence service is a more reliable indicator of a potential security risk than whether a product was manufactured or provisioned outside the United States," Casto said.

The U.S. government should investigate links between foreign IT suppliers and military and intelligence services in their countries, Castro recommended.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.