This week, China Tech Threat published a blog detailing a recent cyberattack on Rensselaer Polytechnic Institute (RPI), a renowned research and engineering school in New York. With more than $6 million in spending in risky tech products affiliated with the Chinese government, including more than $405,000 worth of spending by college and universities across Texas, are Texas universities the next target?
Over the last 18 months or so, China Tech Threat has been sounding the alarm over risky tech contracts with Chinese government-owned technology manufacturers including Lexmark and Lenovo, both of which have been restricted by the Pentagon. It is these types of contracts that leave Americans across the country, vulnerable.
Now, our latest work on exposing risky state spending found found that Texas has spent over $6 million on Lenovo and Lexmark products in recent years giving the Chinese government having access and control over all data on their products. This includes more than $405,000 worth of spending by Texas A&M University and Texas Tech, both large research institutes.
As the Albany Times Union also reported n reference to the RPI hack, “Criminal ransomware attacks are bad enough. But the concern is much greater, and the stakes much higher, when it comes to hostile players compromising governmental and defense systems and critical infrastructure like pipelines, dams, communication networks and electrical grids, whose failure could wreak havoc as devastating as a traditional military attack.”
Read our full Texas FOIA report here:
Beyond the state higher education system spending, the Office of Attorney General with the responsibility of upholding the law and keeping the people of Texas safe has spent $3.7 million dollars on Lexmark equipment that puts Texans’ data and privacy at risk. In addition, he Texas Department of Criminal Justice, which manages inmates in state prisons, state jails, and private correctional facilities that contract with the TDCJ. This is all work that involves sensitive personal information on some of the state’s most vulnerable people, yet it has spent more than $1.6 million on Lenovo equipment.
State and federal officials representing Texas should work together to take action against these risky purchases. Bobby Pounds, State Chief Procurement Officer and Amanda Crawford, Executive Director of Texas Department of Information Resources, can work within the state government to prevent Lenovo products from being used or purchased.
Further, members representing Texas have been leaders in the fight against Chinese aggression in the technological sphere. Senator Cruz, a member of the Senate Foreign Relations Committee, has been outspoken on the CCP and technology related issues since he entered Congress. Last year he introduced legislation, the CCAS Act, to prevent Chinese surveillance and espionage by prohibiting U.S. federal employees from conducting official business over platforms run by Tencent, Huawei, ZTE and other companies the U.S. Department of State is controlled by the CCP. He can, and should, call for the same action with Lenovo and Lexmark, starting in his own state. Further, Senator Cornyn has been one of the fiercest China hawks in the Senate. His 2020 CHIPS Act to compete with China in the semiconductor space was signed into law and n 2019, he introduced the UIGHUR Protection Act to place export controls on critical technologies to China, such as facial recognition software, that can be used to facilitate mass surveillance and detention. Finally, Representative Jackson Lee has been a fierce advocate for cyber security across Texas and the country. Recently, The House Homeland Security Committee voted to advance Jackson Lee’s bill, Cybersecurity Vulnerability Remediation Act. The bill seeks to enhance the “nation’s preparedness to respond to disasters, terrorist threats and incidents, and to safeguard our democracy in the 21st Century.”
This bipartisan issue affects all Americans. We urge those who can act to do so and we hope that our elected officials who work to protect user privacy will resolve this increasingly concerning threat.