On September 25, CTT released a memo exposing Lenovo’s presence as a sponsor of the Navy Exchange’s Gaming Hangar in Virginia Beach, VA during the Naval Air Station Oceana air show. Not only did Lenovo have a display booth inside a U.S. military facility, but Lenovo laptops were for sale through the Navy Exchange website, commonly used by military personnel for tax-free tech purchases. Given that Chinese-owned Lenovo was named a “known security risk” by the Pentagon’s own inspector general in 2019, and has ties to the Chinese military, we wanted answers how Lenovo gained a foothold on U.S. bases. (Read the whole memo here).
We’re not the only ones asking hard questions.
On October 5, Chairman Mike Gallagher of the House Select Committee on the Chinese Communist Party wrote to the CEO of the U.S. Navy Exchange to request that CCP-linked Lenovo products be removed from the Exchange, and for good reason. Says Gallagher’s letter, “In 2016, the Pentagon’s Joint Staff warned that ‘cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department’s [global network of suppliers].” Lenovo products have already been banned, investigated, or deemed vulnerable by the State Department in 2006, the Department of Homeland Security in 2015, the Joint Chiefs of Staff Intelligence Directorate in 2016, and the DoD Information Network in 2018.
Gallagher’s letter also stated, “[T]he Exchange should not be selling Lenovo products to U.S. servicemembers, let alone incentivizing such purchases with tax-free, discounted prices. Doing so creates a major cybersecurity threat and undermines the U.S. Department of Defense’s 2023 Cyber Strategy, which commits to “foster[ing] a culture of cybersecurity and cyber awareness.”
Gallagher’s action also builds directly on the second of 4 recommendations in CTT’s memo:
- Congress should ban the Pentagon from acquiring or selling products made by Chinese-owned and operated companies, or from partnering with them in any way.
- The House Select Committee on the CCP should call the Under Secretary of Defense for Acquisition and Sustainment to brief Congress on whether (and how) the Pentagon is following up the recommendations made in the 2019 IG report on mitigating risks from commercial off-the-shelf technologies (COTS) made by Chinese-owned or operated firms.
- The Committee should call the DOD’s Chief Information Officer to brief Congress on how the DOD can identify and remove products made by Chinese-owned and operated companies already in its systems.
- With support from the federal government and Congress, states must follow the lead of Georgia, Florida and others – including four states just in 2023 (Arkansas, Idaho, Indiana, and South Dakota) – that have restricted PRC-owned companies from bidding on contracts to supply technology to state government entities. (For more information visit www.StatesStopChinaTech.com.)
Effectively, the Gallagher letter fulfills recommendation #2. Although his letter wasn’t addressed to the Under Secretary of Defense for Acquisition and Sustainment, it did call someone in the federal government to explain why a U.S. government entity is selling dangerous, commercially available Chinese technology.
Additionally, although Lenovo remains a threat to tech systems at all levels of government, including state governments, U.S. states are taking the danger more seriously. In March, State Senator Lisa Keim of Maine noticed a staffer using a Lenovo computer during a hearing on restricting Chinese tech products from state contracts. Senator Keim said, “If Chinese technology is being used anywhere in our state, the Chinese government has access to our private information. Maine is vulnerable in at least in one known way: Lenovo laptops, which are used throughout state government.”
The good news is Georgia, Florida, and other states (including Arkansas, Idaho, Indiana, and South Dakota in 2023) have restricted Chinese-owned companies from bidding on contracts to supply technology to state government entities. (For more information visit www.StatesStopChinaTech.com). This means recommendation #4 is underway, with momentum building. Government agencies at both the federal and state level cannot continue to risk having the Chinese Communist Party capture sensitive American data through untrustworthy Chinese technology companies such as Lenovo, Lexmark, Hikvision, and DJI. U.S. states must follow the lead of other states on the leading edge of security. And Congress must work to implement recommendations #1 and 3.
Be sure to visit our Substack account!