Tainted electronics imports pose security threat

The United States needs to be more wary of computers and other electronics imports that could be laden with malicious software, according to a leading Congressional expert on cyber security.

Hackers are injecting bad codes into components at overseas manufacturing plants, planting tools to help them launch cyber attacks on the United States, Rep. Jim Langevin told Reuters after speaking at a cyber security event in Rhode Island.

He said the problem affects consumer electronics as well as corporate technology systems, which can hold secret corporate and government data.

"Corrupting hardware and software is embedded in the supply chain," he said. "We have a real challenge on our hands to better secure the supply chain."

Tainted supply chain components are a growing threat to the United States, particularly in military operations, said Doug White, a cyber security expert and professor at Roger Williams University.

"It's not something that a lot of people have thought about in the past. They should have thought about it," he said.

"What if you went on a battlefield and hit a button and everything stopped working? It's pretty scary stuff," White added.

Langevin and White spoke at a news conference in Providence on a new state program to combat cyber threats, the Rhode Island Cyber Disruption team.

Langevin sits on the US House of Representatives committees on Armed Services and Intelligence and is privy to information about cyber threats that the government has not publicly disclosed.

He is sponsor of the Executive Cyberspace Coordination Act of 2011, one of the most closely watched cyber security bills in Congress. The areas it addresses include providing US government assistance to utilities and other companies that manage key US infrastructure projects.

Embedded malware is just one of many challenges that the US government and businesses face in fighting cyber attacks, said Alan White, director of security and risk consulting for Dell's SecureWorks computer security division.

"The public and private sector is constantly attacked by hackers," he said.

(Reporting by Jim Finkle; Editing by Richard Chang)