U.S. Intelligence to Help Companies Avert Supply-Chain Hacking

August 10, 2016

U.S. intelligence officials are planning to provide information including classified threat reports to companies about the risks of hacking and other crimes tied to the supplies and services they buy.

The effort is part of a new campaign by the National Counterintelligence and Security Center to raise awareness that vulnerable supply chains give China, Russia and other governments — as well as criminals, hackers and disgruntled employees — the opportunity to steal sensitive information or disrupt operations.

“You’d be shocked to find out how many people really don’t know where their stuff comes from,” William Evanina, the nation’s top counterintelligence official and director of the center, said in an interview. “The supply chain threat is one that’s the least talked about but is the easiest to manipulate for all aspects of our daily lives.”

The program will be targeted toward U.S. telecommunications, energy and financial businesses, so government threat reports may soon be offered to companies such as Verizon Communications Inc., Duke Energy Corp. and Bank of America Corp.

It’s a risk that last drew wide public attention when hackers broke into Target Corp.’s payment network in 2013 by stealing login credentials from a company that provided heating and air conditioning services.

For a QuickTake explaining cybersecurity risks and their limits, click here.

The intelligence campaign to secure supply chains, which begins on Thursday, is aimed not only at cyber attacks but also at hands-on crime, such as stealing or sabotaging sensitive equipment. The telecoms, energy and finance sectors are being prioritized because of their strategic and economic importance, Evanina said.

Read full story…