Congress Warned of Chinese IoT Security Threat
US lawmakers have been warned of the growing risk to national and corporate security posed by Chinese efforts to dominate 5G infrastructure and the IoT supply chain.
The US-China Economic and Security Review Commission’s 2018 report to Congress claimed that significant state support for these technologies, along with alleged cyber-espionage, IP theft and other measures, have helped China to achieve dominance in the manufacturing of “global network equipment, information technology, and IoT devices.”
However, without the right tools to conduct rigorous supply chain assessments, the US government is left exposed to mounting cyber-related risk.
“China’s central role in manufacturing global information technology, IoT devices, and network equipment may allow the Chinese government — which exerts strong influence over its firms — opportunities to force Chinese suppliers or manufacturers to modify products to perform below expectations or fail, facilitate state or corporate espionage, or otherwise compromise the confidentiality, integrity, or availability of IoT devices or 5G network equipment,” the report warned.
These risks are compounded by the “lax security protections and universal connectivity of IoT devices” — creating multiple weaknesses which hackers could exploit to target critical infrastructure, private enterprises and individuals, it continued.
“These types of risks will grow as IoT devices become more complex, more numerous, and embedded within existing physical structures,” the commission claimed. “The size, speed, and impact of malicious cyber-attacks against and using IoT devices will intensify with the deployment of 5G.”
The report listed a series of recommendations which could signal a major new focus from Washington on supply chain security.
These included: an annual Office of Management and Budget report to ensure Chinese supply chain vulnerabilities are adequately addressed, an investigation into “trade-distorting practices” from Chinese state-owned enterprises, an assessment of any US-China “collaborative initiatives in technical cooperation” and an NTIA/FCC investigation into Chinese supply chain threats to 5G.
Source: Information Security Magazine