The terrorist threat we're ignoring
How the high-tech software we import from China is setting us up for potential cyberattacks
By David Sirota
According to the U.S. government, the list of known boogeymen working to compromise American national security is long and getting longer by the day. By my back of the envelope count, we have shoe bombers, underwear bombers, train bombers, cargo bombers, dirty bombers, car bombers and, never to be forgotten, box-cutter hijackers. Now, as of last week, we are told to fear the brand new "implant bomber" -- the terrorist who will surgically stitch explosives to his innards for the purposes of a suicide attack.
All of these threats are, indeed, scary -- and the last one, which sounds like something out of "Saw" movie, is especially creepy. But the fear of individual terrorist acts has diverted attention from a more systemic threat that is taking the implant idea to a much bigger platform. I'm talking about the threat of terrorists or foreign governments exploiting our economy's penchant for job outsourcing/offshoring. How? By using our corresponding reliance on imports to secretly stitch security-compromising technology into our society's central IT nervous system.
Sounds far-fetched, right? Sounds like some fringe theory bizarrely melding liberal political complaints about bad trade policies with tinfoil-hat paranoia, right? Yeah, that's what I thought, until last week when -- in an announcement largely ignored by the Washington press corps -- the Department of Homeland Security made a stunning disclosure at a congressional hearing. As the business trade publication Fast Company reports (emphasis added):
A top Department of Homeland Security (DHS) official has admitted on the record that electronics sold in the U.S. are being preloaded with spyware, malware, and security-compromising components by unknown foreign parties. In testimony before the House Oversight and Government Reform Committee, acting deputy undersecretary of the DHS National Protection and Programs Directorate Greg Schaffer told Rep. Jason Chaffetz (R-UT) that both Homeland Security and the White House have been aware of the threat for quite some time.
When asked by Rep. Chaffetz whether Schaffer was aware of any foreign-manufactured software or hardware components that had been purposely embedded with security risks, the DHS representative stated that "I am aware of instances where that has happened," after some hesitation.
This supply chain security issue essentially means that, somewhere along the line, technology being marketed in the United States was either compromised or purposely designed to enable cyberattacks.
The process by which this happens is fairly straightforward -- and its connection to our tariff-free trade policies that encourage outsourcing is obvious. First, an American company or governmental agency orders a piece of computer hardware or software from a tech company. Then, because the "free" trade era has economically incentivized those companies to move their production to low-wage countries, much of that order is actually fulfilled at foreign facilities where security and quality standards may be, ahem, lacking.
If this still sounds far-fetched, remember that in the offshoring/outsourcing epoch, one of the major exporters of computer hardware -- and increasingly, software -- is China. That is, the country whose government has been at the forefront of aggressively researching, developing and implementing covert technologies that turn computers into stealth weapons of the police state.
There is, for example, China's Great Firewall, which prevents computers from accessing content the government deems unacceptable. There's also the Green Dam initiative, which aimed to preload spying and censorship software on PCs. These, of course, are just the cyber-sabotage projects we know about, suggesting that there are far more being engineered by the Chinese regime. And this says nothing of the additional possibility of stateless terrorist groups infiltrating the high-tech supply chain to invisibly weave vulnerabilities into our IT infrastructure.
If you think the biggest ramifications of this threat are merely Angry Birds malfunctions, suddenly shitty pictures from Hipstamatic and yet longer wait times when you fire up Microsoft Word -- think again. In an information age that sees missiles remotely fired via keystrokes and data mined for intelligence gathering, supply chain vulnerabilities in high-tech products are a genuine national security problem. Indeed, they are at least as big a threat to national security as the old concerns about how, say, offshoring steel production could compromises our strength by limiting our ability to unilaterally build tanks and warships. By creating a trade policy that helps offshore high-tech production, we may be inadvertently importing spying or terrorist instruments and then embedding those instruments into our computer-dependent society at large.
What might this mean in practice? As the U.S.-China Economic and Security Review Commission reported a few months ago, it could be "kill switches" implanted in Pentagon systems that control our arsenal. It could be new "War Games"-esque back doors that allow Chinese military hackers to punch in their own preprogrammed "Joshua" password and again breach computer networks deep within our national security apparatus. Or it could be new, foreign-built airplanes that run on hardware and software pre-rigged for sabotage.
The possibilities are, unfortunately, endless -- which is why just a few months ago the Defense Department authorization bill included a new provision (Section 806) ordering the Pentagon to begin formally assessing its exposure to this threat.
Like the larger society-wide issue of supply chain vulnerabilities, however, this legislation was almost completely ignored in the popular American press. And the question is why? Why in a nation that seems addicted to fear-mongering have we largely ignored what could be one of the most serious national security threats of the information age?
First, the threat is -- by design -- invisible, and therefore doesn't make for good television. That means it's not news in a society where the availability of televisual imagery often determines newsworthiness. Instead, much of the media promotes stories involving sensational images of naked-body scanners and mug-shots of dark-skinned terrorists and largely ignores less telegenic threats lurking within circuits, algorithms and code -- even though the latter threats may be far more significant.
Second, and equally important, is the fact that questions about supply-chain vulnerabilities force us to confront complex free-trade theologies that the media and political elite rarely examine, much less challenge.
For decades, the relatively limited trade-related reporting by the corporate media and the occasional rhetoric from politicians about trade has mostly focused on jobs, and more specifically, on spreading the lie that tariff-free trade pacts will result in net job growth in America (they haven't). Left almost completely unmentioned are other issues that free-trade critics have raised -- issues like the environment (what happens when factories move to countries that allow for more air pollution?), human rights (do we strengthen autocracy when we incentivize companies to move factories to low-wage dictatorships?) and national security.
The media and political establishment avoids discussing these issues (and typically writes off free-trade critics as Luddites) not because the issues are insignificant, but because the corporations that own the media and buy the politicians also profit off a trade policy that helps companies cut costs by moving production to low-wage countries. Not surprisingly, then, these corporations don't want a serious public examination of the downsides of those trade policies. And so those downsides become victims of a pernicious and pervasive self-censorship -- one that presents free-trade as an exclusively economic (and exclusively positive) issue.