Despite national security concerns, the U.S. Department of Defense has purchased thousands of computers, printers and security cameras, as well as networking equipment, that contained known cybersecurity vulnerabilities, according to an audit conducted by the Office of the Inspector General.
The audit, which was released with redactions this week, also shows that the Army and Air Force bought off-the-shelf IT equipment made by companies in China that have strong ties to that country’s government and the military. The questionable equipment includes Lenovo computers, Lexmark printers and GoPro security cameras.
While no commercial equipment is totally secure, especially as the global supply chain continues to grow in complexity, organizations such as the Defense Department can reduce some of these concerns by better understanding the risk involved, says Steve Durbin, the managing director of the Information Security Forum.
“What is important is to assess the level of risk that is acceptable and understand how to secure your critical assets against those risks to a level that is in line with your agreed security risk posture,” Durbin tells Information Security Media Group. “This will be something that becomes increasingly important to do as we operate with extended supply chains and products are manufactured in a number of different locations globally before being assembled.”