Members of Congress are demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. Lawmakers suggest the spy agency is lacking effective oversight of software supply-chains relied upon by the U.S. government and private industry. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company s software updates. The move, lawmakers suggest, concerns Congress because it appears to be a tacit endorsement of weak encryption.
Source: https://threatpost.com/solarwinds-nsa-encryption/163561/