A top Department of Homeland Security (DHS) official has admitted on the record that electronics sold in the U.S. are being preloaded with spyware, malware, and security-compromising components by unknown foreign parties. In testimony before the House Oversight and Government Reform Committee, acting deputy undersecretary of the DHS National Protection and Programs Directorate Greg Schaffer told Rep. Jason Chaffetz (R-UT) that both Homeland Security and the White House have been aware of the threat for quite some time.

When asked by Rep. Chaffetz whether Schaffer was aware of any foreign-manufactured software or hardware components that had been purposely embedded with security risks, the DHS representative stated that “I am aware of instances where that has happened,” after some hesitation.

This supply chain security issue essentially means that, somewhere along the line, technology being marketed in the United States was either compromised or purposely designed to enable cyberattacks.

Schaffer, who has an extensive background in cybersecurity and communications infrastructure management, did not elaborate on the compromised tech that DHS has encountered. However, he did emphasize that foreign components are found in many American-manufactured devices.

As a matter of sheer speculation, it is not hard to imagine computers, portable devices, and components marketed in the United States being purposely infected with malware, spyware, or other forms of security-compromising software by request of either foreign companies or foreign governments. More worryingly, the hearing specifically mentioned hardware components as possibly being compromised–which raises the questions of whether, perhaps, something as innocuous as Flash memory or embedded RFID chips could be used by interested foreign parties.

During questioning, Schaffer said that a whole-of-government effort would be required to combat security holes caused by malware and spyware making their way through America’s electronics supply chain.