Quote:
Originally Posted by NEFARIOUS
Not to mention as a former employee of a GSA contractor, it has been long established that China is not part of the Trade Agreement Act, and the government is prohibited from buying merchandise made or substantially assembled in China or any other non-TAA country.
|
To be more specific, TAA compliance means the item has to be substantially transformed in a country recognized to be favorable to the US. We can't kid ourselves. Most everything electronic is made in China. There's no way around it. The fear by security professionals and governments is when a company based in China controls the product development and supply chain. With China's known track record of state sponsored cyber hacking of both government and commercial systems, the fear is well founded with any company based in China. This is the world we live in when we've pretty much sold off our souls for cheap components. The US Federal Government has recognized this national security situation and as a result the Department of Energy has a program to manufacture chips/electronic components for national security sensitive equipment controlled by the Federal Government deemed too risky to bid out to the private sector.
Other companies provide their own programs which gives the US Government extra assurance of the security of the product the US Government receives known as secure supply chain. This was highlighted when counterfeit components for many of Cisco's routers were being found injected into legitimate supply chains sourced from Chinese factories. The FBI with Cisco was running an investigation and sting on finding individuals responsible for this major breach in product assurance. The operation was exposed when someone leaked an internal PowerPoint presentation onto the Internet. This caused the FBI to move on arrests they were planning on making but were waiting on additional individuals to be implicated. I personally saw the PowerPoint presentation and the comparisons between a counterfeit HWIC T1 card used in Cisco's ISR routers and a genuine one. You have to be hardware engineer at Cisco to tell the difference. In the case of the HWIC T1 card, it boiled down to the sheen of the retaining screws where the counterfeit ones were a bit duller than the genuine cards and the inductor on the counterfeit card was different than the genuine card. The investigation was triggered by a large number of failures Cisco was dealing with under their support warranties. This was the best scenario where the components were just failing. The worst is if these components had hidden spyware components/code injected into them.
ETA: Here's a website that has the graphics of the FBI PowerPoint slides:
http://www.abovetopsecret.com/forum/thread350381/pg1