Despite federal actions to prevent government agencies from purchasing potentially vulnerable Chinese-made technology, inconsistent state- and local-level policies have created security gaps that put citizens’ personal information at risk.
This disconnect was the focus of the latest installment of China Tech Threat’s Quick Cut series on Wednesday, The Tech Threat Disconnect.
“It’s time for us to wake up,” said U.S. Representative Claudia Tenney (R-NY22). “This can be a real problem for the security of our residents and our local governments. Yet, states continue to buy products from companies like Lexmark, Hikvision and others, which are Chinese owned interests.”
“Who knows what’s embedded in these Lexmark printers and especially in Lenovo computers?” she added, pointing to the prominent brands that have been banned by federal agencies but often still purchased by state governments.
China Tech Threat’s report, High-Tech Heist: Chinese Government IT vendors and the Threat to U.S. Banks, report provides some answer to that question. The report cites court records showing that US Marines purchased Lenovo computers and discovered an encrypted chip which collected data from the device and sent it to China. The data transfer is in compliance with Lenovo’s sales agreement which allows the company to transfer any data collected on a device to any country where Lenovo does business. A 2019 Department of Defense audit warns how access to such data by our adversaries could compromise missions critical to national security. Additionally, the Federal Trade Commission charged Lenovo for installing software on laptops which illicitly collected user data. The installation was not authorized, nor was the data collection provided
The Associated Press reported Wednesday that hackers backed by the Chinese government infiltrated the computer networks of at least six state governments last year, according to a report by Mandiant, a private cybersecurity firm.
“If we know that six states were breached by Chinese spies, it means we know 44 states probably have Chinese spies operating on their network that we don’t know about,” said Joseph Steinberg, author of Cybersecurity for Dummies.
The Chinese government is “spying on everything, but we are not taking the threat seriously,” Steinberg cautioned. “It’s not a partisan issue. It’s a national security issue.”
“We are buying the stuff that’s going to create the problems for us,” he added. “We’re spending money putting equipment that could be spying on us into our networks.”
Turning to Russia’s invasion of Ukraine and the situation’s potential cybersecurity implications, both Representative Tenney and Mr. Steinberg stressed the China’s capabilities are far more alarming.
“China is much more dangerous than Russia,” Mr. Steinberg said plainly.