Governments bought Chinese telecom gear despite warnings
Despite federal efforts to block Chinese telecom equipment from U.S. supply chains, state and local governments across the country continued to buy products designated a threat to national security, a new report finds.
Why it matters: U.S. officials warn Chinese telecom equipment could make the U.S. vulnerable to economic espionage or digital sabotage.
- State and local governments should better align themselves with federal policies in order to keep the gear out of schools, hospitals and other critical infrastructure across the country, according to a report published today by Georgetown University's Center for Security and Emerging Technology (CSET).
Background: Federal agencies have been banned since 2018 from procuring products from Chinese tech companies Huawei, ZTE, Hikvision, Dahua, and Hytera.
- However, federal-level bans don't apply to state agencies.
- Only five states — Florida, Georgia, Louisiana, Texas and Vermont — have enacted some measures to limit procurement of such equipment on national security grounds, though the report warns loopholes still exist in some of those states.
By the numbers: Between 2015 and 2021, at least 1,681 state and local entities purchased equipment and services tied to the five Chinese companies, according to the report.
- The total value of the technology and services procured during that time was about $45 million.
- Public schools districts, colleges and universities account for three-quarters of the purchases, but prisons, public hospitals and public transit systems have also bought gear.
- The number of transactions has fallen since 2018, according to the report. But there were still more than 600 procurements in 2021 and there is no indication the transactions have stopped, said the report's co-author Jack Corrigan, a research analyst at CSET.
Details: The purchases covered a wide range of products, including smartphones, surveillance cameras and networking equipment, according to the report, which is based on procurement records scraped from public documents.
- The largest buyer, a mid-size public university in Michigan, invested more than $15 million in Huawei networking equipment and services during the seven-year period.
- Two public school districts in Arkansas each spent more than $1 million dollars on Hikvision surveillance systems.
- The report didn't name these entities.
Between the lines: Chinese telecom equipment is generally less expensive than gear from non-Chinese companies, making it an appealing procurement option for cash-strapped local U.S. agencies.
- Local agencies also often lack the in-house technical expertise and procedures to understand and address the threats posed by foreign technology.
What they're saying: "When the technologies are deployed in government networks, they can serve as entry points for any other networks that are connected to them," Michael Kratsios, co-author of the report and former CTO of the United States, told Axios.
- "If adversaries or hackers are looking to cripple public services," he added, "they could use this hardware as entry points to pursue these activities."
- "State and local governments can proactively take steps to purge these technologies from their supply chains, by adopting measures that are connected to federal guidance," Corrigan said.
What's next: The Federal Communications Commission (FCC) plans to ban all sales of new Huawei and ZTE telecom equipment in the U.S. on national security grounds, Axios reported earlier this month.
- That ban would cover state and local entities.
- The FCC will also determine the scope of a ban on video surveillance equipment sales used for public safety, which would affect the other three Chinese companies, Hikvision, Dahua, and Hytera.
What to watch: The report made several policy recommendations to further mitigate the risks of these technologies at the state and local level, including:
- Creating a master list of "untrustworthy" foreign telecom companies covered by procurement bans, so state and local procurement officers could easily identify risky technologies.
- Increasing funding for "rip and replace" programs to swap out the equipment.