Today the Senate Armed Services Committee Subcommittee on Readiness and Management Support held a hearing on the Department of Defense audit, an overview of operations at the defense agency that has only taken place twice in its long history. Mentioned in the hearing was the Department of Defense Investigator General report, an investigation centered upon the purchase of commercial off-the-shelf equipment (COTS) by Department of Defense employees. Specifically, the purchase of commercial off-the-shelf equipment manufacturers currently banned or investigated by other military and government agencies. This equipment includes Lenovo computers, Lexmark printers and GoPro cameras – all manufactured in the People’s Republic of China.
Leading the way in questioning DoD Deputy Secretary David Norquist was Senator Joni Ernst (R-IA), with the Senator referencing the IG report as well as a letter her office sent to the DoD after the report’s release. Senator Ernst first questioned the reasoning behind the COTS purchases, as Chinese equipment known to facilitate backdoors in sensitive government networks could prove detrimental to both data and operational security. Her question was met with an explanation of supply chain oversight by Secretary Norquist, stating that the DoD CIO and Undersecretary for Acquisition were working in tandem to address supply chain risk in purchasing decisions.
More importantly, the Senator then asked Secretary Norquist whether DoD employees were still purchasing Chinese equipment listed by the IG as “vulnerable.” Secretary Norquist opted to answer the question on the record, as he was unsure as to the status of procurement by his Department’s employees despite the IG warning more than 85 days ago.
We at CTT applaud Senator Ernst for her questioning of DoD purchasing decisions, as well as her action to write to Defense officials after the release of the IG report. It is unsettling however that the Deputy Secretary of the DoD – a leader of the United States Armed Forces – is unsure as to whether the recommendations of the IG have been implemented and could not tell the Subcommittee whether his employees were still using government funds to procure and then use Chinese equipment within their networks. The Department of Defense must act to eradicate these cyber threats from its networks and ensure that the men and women serving in America’s defense services are not utilizing equipment that could be weaponized by China and the CCP.