Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 08/21/06 issue

Procurement conundrum | What’s inside the box?

DOD must ensure IT is secure, no matter where it comes from

By Dawn S. Onley, GCN Staff

When the State Department purchased 16,000 ThinkCentre desktop computers earlier this year from a company partially owned by the Chinese government, critics warned of the potential risks to national security.

After State announced the deal with Lenovo Corp., fear ran rampant in some circles, most notably on Capitol Hill, that the Chinese government could bug computer systems with spyware and begin collecting critical intelligence. Suspicions were eased somewhat, though not altogether, when State agreed to not use any of the computers on its classified network, which connects U.S. embassies and consulates.

“This decision would have had dire consequences for our national security, potentially jeopardizing our investment in a secure IT infrastructure,” said Rep. Frank Wolf (R-Va.), chairman of the Appropriations Subcommittee on Science, State, Justice and Commerce, and Related Agencies. “It is no secret, and becoming more obvious, hopefully, to the U.S. Congress ... that the United States is a principal target of Chinese intelligence services.”

That’s not news to many in the Defense Department.

As DOD outsources much of its network operations and security work to Defense contractors, and as attempted cyber-attacks and intrusions from nation-states are expected to rise, the potential grows that adversaries could not only develop some of the equipment the military buys, but write code that runs that equipment.

Looking offshore

“I think there’s concern over anything that’s built offshore,” said Navy Rear Adm. Elizabeth Hight, deputy director of DOD’s Joint Task Force for Global Network Operations. “I wouldn’t direct it towards China, or India or any other area of the world. Capabilities that are built offshore that you don’t have control over pose a particular concern, and you have to take that into account when you develop your risk equation.”

Northrop Grumman Corp. provides network security worldwide for the Army and Marine Corps. Additionally, the company secures most of the Air Force networks in Europe and the United States.

How would DOD know, for example, if Northrop decided to subcontract some of its network security work to a company headquartered in a country that is unfriendly to the United States?

More news on related topics: Communications / Networks, IT Security, Acquisition / Contracts, Defense IT, IT Management



GCN Popup