Homeland Security Secretary Kirstjen Nielsen told a Senate panel on Wednesday that her department doesn’t have any evidence supporting a media report last week that computer servers supplied by California-based Super Micro Computer, Inc. contain microchips inserted by Chinese suppliers that can be used to spy on networks using the servers.
Companies that allegedly have had their products compromised as a result microchip emplacements, including Apple [AAPL] and Supermicro, have said no malicious microchips have been found on their products.
“We have no reason to doubt what the companies have said,” Nielsen told the Senate Homeland Security and Governmental Affairs Committee. “We continue to look into it. What I can tell you it is a very real and emerging threat that we are concerned about.”
Last week, Bloomberg BusinessWeek reported that the microchips were inserted into motherboards used by Supermicro from manufacturers in China and that the ultimate end customers for some of the computing products could be the Department of Defense and intelligence community. The chips were inserted by a Chinese army unit, the article said.
Nielsen’s testimony follows a statement by DHS on Sunday that like its partners in Britain, it has no reason to doubt the denials from the companies whose products were allegedly compromised by the microchips.
FBI Director Christopher Wray also testified and told the committee to “be careful what you read in this context,” but he also provided the agency’s boilerplate statement that it would neither confirm nor deny if it is investigating the matter.
Nielsen said that China is “playing a long game” in its espionage and influence efforts in the U.S.
“They’re bringing everything they have to bear,” she said.
Nielsen also highlighted the new DHS National Risk Management Center, which the department stood up in July that aims to bring together the government and private sector to analyze and discuss how to improve public-private partnerships around cyber security. She told the committee that the center has an Information Communications Technology Task Force that is focused on the supply chain.
“We’re working very closely with the private sector to break down the supply chain and give them much more awareness of the types of companies they’re purchasing from,” she said, adding that DHS is working to ensure any of its vendors have “complied with basic security.”
“So this is a particularly pernicious threat as you well know because it’s very difficult for the average citizen, company or government entity to understand every component that was put into a part of, or piece of, equipment or network that they’ve purchased,” Nielsen said.