Fast Company: In official testimony, Greg Schaffer of the U.S. Department of Homeland Security (DHS) told Rep. Jason Chaffetz (R-UT) that imported consumer electronics have been sold in this country containing malware or spyware. Unknown foreign parties have preloaded the devices with code that could compromise security. Schaffer added that many devices made in the U.S. contain foreign components and that it is possible that these components could also contain malware.
The White House’s Cyberspace Policy Review also acknowledged the threat, noting, “The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover. Foreign manufacturing does present easier opportunities for nation-state adversaries to subvert products; however, the same goals could be achieved through the recruitment of key insiders or other espionage activities.”