Recently, a Homeland Security official confirmed that tech components or gadgets imported from overseas, many of which end up in some of the most popular American gadgets, are infected with malicious software.

According to Greg Schaffer, acting deputy undersecretary at DHS, “This is one of the most complicated and difficult challenges that we have.” Schaffer was giving responses to the questions of Rep. Jason Chaffetz of Utah, chairman of the House Oversight Subcommittee on National Security, Homeland Defense and Foreign Operations.

When it was asked to Schaffer that how U.S. was battling this problem, he said that supply chain risk management is an issue that the administration is focused on. When pressed for details, Schaffer was reluctant to expand except to say, “I am aware that there have been instances where that has happened.”

Schaffer said, “The range of issues goes to the fact that there are foreign components in many U.S. manufactured devices, there is a task force that DHS and DOD co-chair to look at these issues with goals to identify short-term mitigation strategies and to also make sure that we have capability for maintaining U.S. manufacturing capability over the long term.”

This is not the first time when this issue is raising. It also raised in 2009 when White House said in Cyberspace Policy Review that a broad, holistic approach to risk management is required rather than a wholesale condemnation of foreign products and services. The challenge with supply chain attacks is that a sophisticated adversary might narrowly focus on particular systems and make manipulation virtually impossible to discover.

Finally, the administration concluded, “The best defense may be to ensure U.S. market leadership through continued innovation that enhances U.S. market leadership and the application of best practices in maintaining diverse, resilient supply chains and infrastructures.”