States Must Be Vigilant the American Rescue Plan Doesn’t Open the Door to CCP Exploitation

This month President Biden signed the American Rescue Plan, a $1.9 trillion pandemic recovery package that was among the President’s top priorities upon taking office.

The bill includes $350 billion that will go directly to state and local governments, much of which will be invested in information technology and system upgrades.

Bundled in the plan is $7.59 billion to provide devices and Internet services to teachers and students; $2 billion to improve unemployment networks; $128.5 billion for local schools, including to build remote learning capabilities; $39.6 billion for higher education, part of which will support remote learning; and $20 billion to modernize state-based marketplaces, like insurance exchanges.   

Each of those areas present a valuable target to the Chinese government, which is actively working to exploit vulnerabilities and steal sensitive information. State and local governments must be vigilant to not provide an open door.

That starts by setting rigorous information security standards and sourcing equipment solely from trusted companies in democratic nations.

Federal agencies have banned products made by many Chinese vendors, including Huawei, Hikvision, Lenovo and Lexmark, because of ties to the Chinese government and evidence those items can be used to collect information. China’s Military Civil Fusion strategy and national intelligence laws elevate the risk, presenting a real threat that any Chinese-made technology—and even items assembled in China—may be used to collect sensitive data.     

Most states’ procurement policies do not provide the same guardrails. As China Tech Threat’s 2020 report Stealing from States identifies, numerous state governments have contracts with Lenovo or Lexmark, despite federal bans. New York, for example, has spent more than $28 million on Lenovo and Lexmark computers, printers and IT services.

As the old saying goes, the best defense is a good offense. States and municipalities should carefully vet vendors and supply chain security, understand how and where their technology originates and invest in trusted products, even if they may cost more.

The American Rescue Plan funding also provides an opportunity for leaders to terminate contracts with unreliable vendors, audit their systems and replace equipment and software that could pose a threat. As state and local governments prepare to make one of the largest technology investments in history, too much is at stake to give China a backdoor. Leaders at every level must step up efforts to secure our networks.