Coats: ODNI has seen ‘no evidence’ of supply chain hack detailed in Bloomberg story
Director of National Intelligence Dan Coats told CyberScoop on Thursday that he’s seen no evidence of Chinese actors tampering with motherboards made by Super Micro Computer, becoming the latest national security official to question a Bloomberg report that stated the company was the victim of a supply chain hack.
“We’ve seen no evidence of that, but we’re not taking anything for granted,” Coats told CyberScoop. “We haven’t seen anything, but we’re always watching.”
The comments came before a speech Coats delivered at CyberTalks, where the director touched on supply chain threats as one facet the administration is focused on when it comes to cybersecurity threats.
“Be aware of supply chain threats,” Coats said in his speech. “Understand that cyberthreats to your supply chain are an insidious problem that can jeopardize the integrity of your products.”
The remarks come after a cover story in Bloomberg Businessweek stated that Chinese intelligence agents placed malicious microchips on motherboards used in servers supplied by Super Micro Computing Inc. Those chips reportedly set up a backdoor into networks of some 30 companies, including Apple and Amazon Web Services.
Since the story was released, numerous experts in both the public and private sector have called the details into question.
Earlier this month, NSA Senior Adviser Rob Joyce expressed concern that the story was a “distraction” and that the hunt for evidence to support it could be a waste of resources.
“I have grave concerns about where this has taken us,” Joyce said at a U.S. Chamber of Commerce event. “I worry that we’re chasing shadows right now.”
Apple and Amazon Web Services denied the claims made in the Bloomberg story. Those denials were supported in statements from the Department of Homeland Security and the United Kingdom’s National Cyber Security Center, which said it had no evidence to dispute the companies’ statements.
In remarks focused on the supply chain, Coats said companies that often work outside the U.S. due to concerns about working the U.S. government need to think further about the risk of working in countries like China.
“Let’s be clear about this: if you are a U.S. company that believes you should limit your partnership with the U.S. government on national security matters because it could hurt your brand, then perhaps you should think about the harm to our overarching national security interests of pursuing greater business opportunities in a country like China, where the private sector and the state often merge into the same,” Coats said.
