NEWS RELEASE
FOR IMMEDIATE RELEASE
ODNI News Release No. 11-19
April 1, 2019
NCSC Launches National Supply Chain Integrity Month in April
Campaign Designed to Raise Awareness of Supply Chain Threats and Mitigation
The National Counterintelligence and Security Center (NCSC) today launched National Supply Chain Integrity Month with its federal partners to raise awareness about growing threats to the supply chains of the private sector and U.S. Government and to provide resources to help mitigate these risks.
“Foreign intelligence entities and other adversaries are increasingly exploiting supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, and surveil our critical infrastructure,” said NCSC Director William R. Evanina.
“Bypassing our security perimeters, they’re infiltrating our trusted suppliers to target equipment, systems, and information used every day by the government, businesses, and individuals. The cost to our nation comes not only in in lost U.S. innovation, jobs, and economic advantage, but also in reduced U.S. military readiness,” he added.
Throughout April, NCSC is partnering with the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense’s Center for the Development of Security Excellence (CDSE) to equip U.S. government and industry stakeholders with information about supply chain threats and risk mitigation.
NCSC has posted documents, videos, and other resources on a new supply chain page on its website at: https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats. Among other things, the site provides information on threats and best practices, the recently-enacted SECURE Technology Act, and the creation of the Federal Acquisition Security Council. The NCSC site also contains links to supply chain resources at DHS’ CISA, DOD’s CDSE, and the U.K.’s National Cyber Security Centre.
Recent supply chain attacks from China and Russia underscore this growing threat:
- In December 2018, “APT10” cyber actors tied to China’s intelligence service were indicted by the U.S. for hacking into managed service providers (which provide cloud and IT services to businesses and governments worldwide) in order to steal intellectual property and confidential business data from the providers’ clients on a massive scale. The victims were major companies in a dozen countries, including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the U.A.E., the U.K., and the United States.
- A January 2019 U.S. indictment against Huawei alleged that, after entering into an agreement in 2010 to supply its wireless phones to T-Mobile, Huawei’s U.S. employees began stealing data on T-Mobile’s phone-testing robot so Huawei engineers in China could try to replicate it. The charges allege Huawei even offered monthly bonuses to its employees based on the value of data they stole from competitors around the globe.
- In March of last year, the FBI and DHS issued an alert about an ongoing intrusion campaign by Russian government cyber actors to reconnoiter U.S. energy sector networks. Instead of targeting the energy utilities head-on, the Russians infiltrated their trusted suppliers in order to gain access to and eventually surveil our industrial control systems.
A center within the Office of the Director of National Intelligence, the NCSC is the nation’s premier source for counterintelligence and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.
