Monday, August 1, 2011

Importing Cyber Risks

In a prior blog post two weeks ago, we reported that much of the cyber security infrastructure hardware and software used by the US is designed, manufactured and assembled overseas. Not surprisingly, some of this equipment is arriving in the US with ready-made spyware, malware and other security-compromising components. The White House, Homeland Security, and the Pentagon are aware of this. There is no evidence to indicate that foreign governments are involved in this deception, but it is not hard to imagine that one or more could be involved. Given that a firewall or any other hardware or software product, cyber security related or not, could be purchased with malware already in it that opens a backdoor past any security, how does one defend against this? It is neither possible nor practical to inspect each product as the software or firmware is downloaded or as it is manufactured. One solution will be the mandatory installation of Intrusion Detection System (IDS) software. Intrusion Prevention System (IPS) software will be of little value because the intruder has already been invited in.
