Advertisement

NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence

A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered an extensive search for evidence that has so far turned up nothing.
Rob Joyce, former White House cybersecurity coordinator and now NSA director of cybersecurity, in 2017. Joyce briefed the media on the NSA's annual report on Thursday.

A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered a thorough search in government and industry for evidence of the breach that has so far turned up nothing, according to a senior National Security Agency official, who expressed concern that the search was a distraction and potentially a waste of resources.

“I have grave concerns about where this has taken us,” Rob Joyce said Wednesday at the U.S. Chamber of Commerce. “I worry that we’re chasing shadows right now.”

The story in question is an explosive, anonymously-sourced report published last week by Bloomberg Businessweek. The report alleges Chinese intelligence agents placed malicious microchips on server motherboards supplied by Super Micro Computing Inc., setting up a backdoor to some 30 companies, including Apple and Amazon Web Services.

While supply-chain threats emanating from China are certainly a concern, Joyce said, “what I can’t find are any ties to the claims that are in the article.” Joyce, a respected cybersecurity hand with over two decades of experience at the NSA, said that his pursuit for evidence to substantiate the news report has so far been fruitless. “I have pretty great access, [and yet] I don’t have a lead to pull from the government side. We’re just befuddled.”

Advertisement

Apple, AWS, and Supermicro all gave strenuous, detailed denials of key elements of the story – denials that the Department of Homeland Security has backed. Bloomberg says it stands by its reporting.

Joyce, the former top cybersecurity official in the White House, described “great frustration” at the upheaval and confusion caused by the report.

Companies have scoured their networks for the malicious chips depicted in the Bloomberg story and have not found anything of the sort, he said. “I’ve got all sorts of commercial industry [contacts] freaking out and just losing their mind about this concern. Their [executive] boards are poking at them, their managers are poking at them, and nobody’s found anything.”

Joyce appealed to anyone with knowledge of the alleged hardware tampering to contact officials in the NSA, DHS, or FBI.

Like Joyce, Jeanette Manfra, DHS’s top cybersecurity official, said Wednesday that the department still hasn’t found any information that corroborates the Bloomberg report.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts