Press Release: China Tech Threat Co-Founder Praises Senator Joni Ernst’s Tough Question

Senator Demands Pentagon Protect Technology from Known Threats Deputy Secretary Declines to Provide Assurance

WASHINGTON, DC – During Wednesday morning’s Senate Armed Services Committee subcommittee hearing featuring Department of Defense Deputy Secretary David Norquist, Senator Joni Ernst demanded an end to the Pentagon’s risky use of vulnerable equipment by asking:

Do you know is the Department still purchasing equipment that possible could have been manufactured in areas of concern?” 

(The complete testimony excerpt can be found on page 2 of this release.)

Deputy Secretary Norquist briefly explained the Pentagon’s current effort, but when asked pointedly if the DOD is still purchasing vulnerable equipment he offered to take the question for the record.

Dr. Roslyn Layton, co-founder of cyber-security watchdog China Tech Threat and visiting scholar specializing in technology policy at the American Enterprise Institute, echoed the Senator’s concerns:

“The Department of Defense is forcing the hand of Congressional leaders by ignoring the risks Chinese hardware introduces to American networks. Deputy Secretary Norquist must immediately implement the IG’s plan to rid the DOD of these devices that compromise intelligence and civilian agencies.

The DOD’s response was due 85 days ago. What are they waiting for?”

Senator Ernst and Dr. Layton are referring to a heavily redacted July 26th report by the Department of Defense Inspector General that uncovered $33 million worth of purchases by Army and Air Force personnel in 2018 on Chinese electronics, including household name brands like Lexmark, GoPro and Lenovo. The brands have already been banned by other federal agencies because of their known vulnerability to hacks and spying of military personnel and facilities.  Senator Ernst inquired about the IG report via letter to Deputy Secretary Norquist in August. The DOD had until August 26th to respond to the IG, but have not yet published a response.

###

Hearing Excerpt from 1:06:30

Link: https://www.armed-services.senate.gov/hearings/19-11-20-department-of-defense-audit

Senator Joni Ernst:

  • Thank you Mr. Chair and Mr. Secretary, along similar lines but a little different question. Focusing on the purchasing of commercial items, and back in August I sent a letter to you highlighting the threat that was posed by commercial off the shelf computers and other types of electronic equipment, specifically those that have been made in Communist China and those that present as cyber security risks. And so, I appreciate the letter that you sent back in reply that discussed the ways the department is addressing those types of vulnerabilities but perhaps you could give us a quick update on the progress that the department has made in that area.

Deputy Secretary David Norquist:

  • Sure, so one of the challenges that you have in buying particularly electronics, it is one thing to say that this is a large Chinese made product and shouldn’t be in the system. Then you start buying other ones and you start discovering components that were made, the company that provides it to you is a US based company, but all of a sudden there are components inside it. So this is where the department has to do careful analysis of what it is buying, so we look at the threat intelligence, we look at the supply chains, we test the products for its adherence to security standards and in some cases we do penetration testing with red team, but we need to understand those supply chains and understand where are the places where we cannot afford to have them bringing in those types of parts because it creates a vulnerability and working with those firms directly on, in some cases you can improve it if you take out the middle man and buy directly from the vendor, but in other cases you have to understand that if that vendor is assembling parts that includes pieces, now in some cases those pieces aren’t a risk and others are and that is where we have to work very carefully and that is the process that we are putting in, again, between our CIO and our Undersecretary for Acquisition.

Senator Joni Ernst:

  • Do you know is the Department still purchasing equipment that possible could have been manufactured in areas of concern?

Deputy Secretary David Norquist:

  • Let me take that for the record so we know how far along in this we are.

###