Hardware imported from China could leave U.S. open to cyber-threats

Cybersecurity advisor Richard Clarke warns that imports of chips, routers and hardware from China and other foreign suppliers could leave the U.S. open to cyber-attacks and cyber-threats.

Richard Clarke, counter-terrorism czar for three U.S. presidents, believes that imports of chips, routers and hardware from Chinese and other foreign suppliers is leaving the U.S. open to cyber-warfare, cyber-espionage and cyber-sabotage.

In an interview with the Smithsonian, Clarke claims "every major company in the United States has already been penetrated by China."

He further claims that trade secrets and intellectual property are being stolen by hackers and funnelled back to China.

Another of his worries is that all the electronic components and devices used by U.S. homes and businesses are being made in China, and other foreign suppliers. These, Clarke claims, could be implanted with "logic bombs", trapdoors and "Trojan horses", which could be activated on command remotely.

Clarke says that his greatest fear is not that the U.S. will suffer a "cyber-Pearl Harbor event" but that instead it will be a "death of a thousand cuts".

He fears the U.S. will lose its competitive edge because of "research and development stolen by the Chinese," as "company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China."

Pretty scary stuff. But should we be listening to Clarke?

History suggests that we should. He was the man who failed to get the White House to act on his warnings that al-Qaeda were planning an attack on American soil. Later, during his testimony to the 9/11 Commission he delivered his famous apology: "Your government failed you."

On the other hand, if Trojan horses in hardware and cyber-espionage are commonplace, where's the evidence? Where there is evidence for selective cyber-attacks, such as the one carried out against Adobe and Google, there's very little to suggest that these attacks are widespread -- certainly to the extent that it affects "every major company in the United States."

It's just so hard to imagine that something of that scale wouldn't leave traces behind.

Image credit: Wikimedia Commons.