Last Thursday, the departments of Justice, Homeland Security, Defense, State, and Commerce recommended that the Federal Communications Commission (FCC) revoke licenses for China Telecom, a state-owned telecommunications company operating in the United States, for national security risks. In a statement announcing the recommendation, Assistant Attorney General for National Security John C. Demers remarked that “The security of our government and professional communications, as well as of our most private data, depends on our use of trusted partners from nations that share our values and our aspirations for humanity.”
The basis provided for the recommendation is consistent with what we already know about the People’s Republic of China’s (PRC) malicious cyber-activity in the U.S. The Department of Justice statement explained that the executive branch agencies identified “national security and law enforcement risks associated with China Telecom’s operations.” For example, the company provided “opportunities for PRC state-actors to engage in malicious cyber activity enabling economic espionage and disruption and misrouting of U.S. communications,” as well as “inaccurate statements by China Telecom to U.S. government authorities about where China Telecom stored its U.S. records, raising questions about who has access to those records.”
China Tech Threat applauds this recommendation by the leaders of five federal agencies for taking decisive action and shining a spotlight on Chinese state-sponsored malfeasance. In order to have truly robust cybersecurity defense nationwide, state governments must take similar action. Just as the federal government raised questions regarding potential state access to China Telecom’s records, our white paper (“Stealing from the States: China’s Power Play in IT Contracts”) uncovered details in states’ contracts with Chinese technology vendors that allow for the collection and transfer of data to any entity with whom they work. Greater data vigilance and vetting of foreign vendors will be essential to the future of cybersecurity at the local, state, and national levels.