New Heritage Foundation Report: Chinese Technology Infiltrating State Governments

Michael Cunningham of the Heritage Foundation has written an excellent new report: “Why State Legislatures Must Confront Chinese Infiltration.” The report covers myriad Chinese influence and intrusion activities taking place inside the U.S.

One of the reports key imperatives is, “Preventing companies linked to the Chinese government from obtaining contracts to build critical infrastructure or supply technology to state government organizations.” Cunningham elaborates on the dangers of state governments letting Chinese-owned companies into their systems:

When Americans allow firms controlled by a geopolitical rival to build their critical infrastructure, they practically invite the Chinese to embed vulnerabilities they can exploit in times of conflict. When Americans procure technology from a geopolitical foe, they invite that foe inside the systems used by their government and armed forces. Indeed, it is well-documented that Chinese technology firms often insert back doors in their hardware and software that can give them remote access to users’ systems and data.

In other words, states that let Chinese owned-companies provide their technology are rolling out the red carpet for Beijing to spy, steal, and sabotage.

Unfortunately, as China Tech Threat has reported, and is continuing to evaluate, the governments of 40 states use equipment supplied by Lenovo and Lexmark, two Chinese companies with close ties to the Chinese government. Cybersecurity Joseph Steinberg has said, “If we know that six states were breached by Chinese spies, what it means is we know that 44 states probably have Chinese spies operating on their networks that we don’t know about.”

China Tech Threat advises state level policymakers on ripping Chinese gear out of their networks and replacing it with trusted technology. In July, China Tech Threat co-Founder Dr. Roslyn Layton served as an expert advisor at the 49th Annual Meeting of the American Legislative Exchange Council (ALEC) in Atlanta, explaining to state lawmakers China’s strategy to infiltrate state governments through the purchase of risky technology embedded in state level networks.

The ALEC event saw the unanimous adoption of a model policy introduced by Georgia State Representative Martin Momtahan based his bill which Governor Brian Kemp signed into law in May 2022 prohibiting state government from purchasing technology products and/or services from providers owned, affiliated, or controlled by the Chinese government.

CTT has also released a list of recommendations to state legislators to help states close China-linked security vulnerabilities:

  1. Restrict Chinese Government Owned Companies from State Purchase and Contracts
  2. Restrict University Partnerships that Strengthen the Chinese Military
  3. Growing and Strengthening the Cybersecurity Workforce
  4. Cooperation Between Congress and States to Ensure Federal Agencies Enforce Export Control Laws

The Heritage report is a timely tool for state leaders increasingly becoming aware of China’s strategy for compromising American technology. Taking action will be difficult, but as Cunningham writes:

People do not hire someone who openly speaks of robbing them, and has a history of breaking and entering, to install the locks or security system to secure their home from robbers. Yet, this is essentially what governments do when they hire Chinese state-owned firms—or private companies with ties to Beijing—to participate in critical infrastructure projects, whether they be railway lines, bus fleets, electrical grids, or mobile networks. It is even more unthinkable that so many federal and state government offices use Chinese technology products in their day to-day operations.

Read more about Georgia Representative Martin Momtahan’s bill here.