Photo: Cargo containers/Photo courtesy of the U.S. Customs and Border Patrol
As the federal government attempts to reinforce the nation's cyber-security posture -- the Pentagon has launched the U.S. Cyber Command and the Barack Obama administration is developing cyber-terrorism incident response plans -- experts warn that the IT running the nation's supply chains is just as vulnerable as anything else.
The technology behind the systems that provide basic goods and services is a target too.
"If you took down the ports of Los Angeles or Long Beach and made it so that none of the container ships could arrive, even if they knew that they were supposed to go there, that would be an equally disastrous thing. I'm sure that terrorists and would-be enemies of the United States are looking at that just as hard as they're looking at [cyber-warfare]," said Tom Wilkerson, a retired major general for the Marines and CEO of the United States Naval Institute.
The institute partnered with CACI International, a provider of professional and IT solutions for defense application, on a series of symposiums about the issue. In March the parties held the first symposium, Cyber Threats to National Security -- Countering Challenges to the Global Supply Chain, and published a report in August discussing the thoughts and recommendations attendees expressed there.
"All these supply chains are heavily dependent on information technology systems, so we thought that this was a great topic based on the cyber-threat that is facing the nation," said Jeff Wright, senior vice president of the enterprise technologies and services group at CACI.
Attendees expressed concerns that both the public and U.S. leaders aren't yet fully aware of how vulnerable supply chains are to an IT compromise. "If you look at the history of America, what you discover is we usually start things a distant second when it comes to warfare, and we usually have inflated estimations of what the next war will look like based on the last war," Wilkerson said.
The report noted that both weapons development and hazardous material supply chains are targets, citing a government breach in which attackers were able to download information about an F-35 jet fighter, The Wall Street Journal reported last year.
Symposium attendee Gordon England, former deputy secretary of defense and former secretary of the Navy, spoke about how adversaries could misdirect or delay crucial shipments. Jim Gilmore, former Virginia governor and current member of the CACI board of directors, said U.S. adversaries could substitute equipment components with counterfeit ones.
The report also cites a 2009 Symantec study revealing that the United States was the target of most of the malicious cyber-activity that year. In an updated 2010 Symantec report, the United States was again victimized most often from the April to June period, drawing 21 percent of worldwide malicious activity. India and Germany were tied for second at 6 percent each.
The report on cyber-threats to the supply chain said that very few companies use cyber-security products that are equipped to monitor supply chain technology from end to end. Monitoring from start to finish is difficult because technology that supports a supply chain is oftentimes an aggregation of multiple networks working together.
Consequently not only is supply-chain security perhaps overlooked, but it's something that may be difficult for organizations to adequately secure even if it's a priority. Symposium speakers also noted that many private-sector security companies don't seem interested in developing a comprehensive national security tool because there doesn't appear to be a financial incentive.
On the other hand, executive branch action would spur the government to get a comprehensive cyber-security supply chain strategy under way.
"All levels of government need to be involved because it's an issue of fostering the commerce of a particular state. A lot of states have recognized in the buildup of their infrastructures within the states that they want to have more security and more awareness," Wright said. "Because it makes them more attractive to industry and commerce, and it's in everybody's best interest to protect the citizenry, foster the economy and make sure we sustain our way of life."