On May 1, Indiana Governor Eric Holcomb signed a law to prohibit the purchase of dangerous Chinese technology that could put the state and its sensitive data at risk of intrusion by the People’s Republic of China (PRC). In doing so, Indiana joins the growing list of states that have enacted similar bills in recent weeks, including Idaho, South Dakota and Arkansas.
Introduced by State Senator Justin Busch, Senate Bill 477 prohibits the “purchase of equipment or services produced or provided by certain prohibited persons determined to be a national security threat to communications networks or supply chains,” including China.
The new law prohibits companies from bidding on contracts if the company:
- “would be able to directly or remotely access or control of a critical infrastructure or a cybersecurity system of a critical infrastructure”
- “is owned or controlled by citizens of (or a company or entity owned or controlled by citizens or the government of) China” (and other adversarial countries)
- headquartered in China (and other adversarial countries)
In August 2019 the Department of Defense warned against purchases of technology products by PRC-owned technology manufacturers Lenovo and Lexmark, previously restricted by U.S. military and intelligence agencies. Under Indiana’s definition, both Lexmark and Lenovo would meet all three criteria, as their parent companies are based in China, partly owned by the PRC and they are subject to China’s 2017 National Intelligence Law (which obligates all Chinese companies to hand over information).
Moving forward, China Tech Threat will closely monitor implementation of the new law to ensure it bars companies like Lexmark, Lenovo, DJI drones, and Hikvision cameras.
China Tech Threat’s extensive research demonstrates that states have spent $230 million on the two companies. Fortunately, Indiana stands out. Since 2017, Indiana has not reported spending on either Lexmark or Lenovo. This is marked progress compared to the $14,399 spent on Lenovo products between 2016 and 2017. However, purchases of restricted technology through third-party sellers, which can be significant, are not yet captured in our research.
Several states, including Oklahoma and New Jersey, also have legislation pending and CTT urges them to act quickly to bolster their states defenses amidst growing threats.