In recent years, serious concerns have been raised about the national security threats posed by Chinese-connected equipment operating within the United States. The widespread use of Chinese-manufactured devices and software connected to the internet provides ample opportunity for our strategic adversary to harm America’s defense, economy, and critical infrastructure.
For decades, the People’s Republic of China has waged a cold war of economic subversion against the U.S. and our interests. This economic abuse occurs via backdoors, supply chain implants, and tampering to aid espionage and disrupt critical infrastructure.
Recommended Stories
Federal agencies must acknowledge an uncomfortable reality as they strive to secure government networks and vital infrastructure. These days, many commonplace devices serve as platforms for gathering data, sending location information, usage trends, and operational stats back to cloud systems that could be accessed by foreign adversaries such as China.
In 2018, those warnings resulted in restrictions on telecommunications companies such as Huawei. However, while smartphones, cameras, and telecom equipment have received a lot of attention from policymakers and the media, a far broader universe of everyday connected tools and devices has quietly gone unnoticed.
Take Hong Kong-based Techtronic Industries, for example. Many may not be aware, but it bought Milwaukee Tool, a popular brand on building sites and in maintenance facilities all over the country. Some of their tool products use systems that connect through Bluetooth to smartphones to sync location and operational data to cloud platforms for inventory management and tool tracking. This might seem innocuous at first; however, the information these devices gather takes on a completely different meaning when used inside sensitive facilities, such as government buildings or energy infrastructure.
Consider the implications for government and military sites. The data may reveal when construction activity picks up, when workers arrive and depart, or when facilities are at their busiest.
Or consider ZPMC, the Chinese state-owned manufacturer that supplies roughly 80% of the ship-to-shore cranes operating at U.S. ports. These cranes are not passive machinery. They are networked, software-dependent systems with remote access capabilities — and they sit at the chokepoints of American commerce. Congressional investigators and the U.S. Coast Guard have already raised alarms about the possibility of embedded vulnerabilities being exploited for surveillance or disruption. A crane that can be remotely monitored can also, under the right conditions, be remotely disabled.
Such operational insight is extremely valuable to foreign intelligence services.
Increasingly, governments at the federal, state, and local levels have become reliant on goods manufactured in China. Despite warnings from Congress and others, the government’s national security and law enforcement components have yet to sever their reliance on such imports entirely. There has been extensive reporting on security concerns, such as cyberespionage, surrounding Chinese-based Lenovo, a supplier of laptops and printers to federal and state governments, yet procurements continue.
The danger is real. Chinese law compels all Chinese companies, regardless of their direct affiliation with the Chinese state, to provide data and enable backdoor access to their products. This means that Chinese companies are required to provide data to the Chinese government without telling their international clients.
Security experts have long cautioned that China’s “military-civil fusion” system permits the government to use private businesses as extensions of its intelligence apparatus. Therefore, when used overseas, devices made for commercial convenience may become strategic surveillance tools.
The larger ecosystem of connected electronics entering the U.S. increases the risks. Federal agencies have already issued warnings about Chinese-made internet cameras after investigators found flaws that might allow remote access to sensitive facilities.
But it extends beyond cameras.
The growing list also includes smartwatches, home routers, and even ordinary products such as vacuums and air fryers. Many of these devices have sensors, wireless connectivity, and cloud integrations that produce constant streams of operational data.
Every piece of information gathered becomes a possible intelligence asset when those devices are produced by businesses under the influence of the Chinese government.
For this reason, policymakers need to take supply chain security seriously. It is more than just prohibiting dangerous telecom equipment and closely examining software platforms to safeguard the country’s infrastructure. It also requires recognizing that seemingly unremarkable tools and devices, such as industrial equipment, power tools, printers, and sensors, can serve as dispersed data collection networks across the U.S.
The answer is simple.
Federal procurement regulations should forbid government agencies and federally funded infrastructure projects from acquiring connected devices made by Chinese-domiciled companies, just as we did with limited telecom equipment from companies such as Huawei.
The public would still be able to purchase the goods they desire in the private marketplace despite such a policy. However, it would guarantee that vital infrastructure projects, military installations, and sensitive government buildings are shielded from needless surveillance risks.
The most dangerous vulnerabilities in a period of digital espionage are frequently the ones that go unnoticed.
THE WORLD MUST CHOOSE: STAND WITH AMERICA OR YIELD TO IRAN
The U.S. cannot permit foreign-connected devices to covertly gather data inside the very infrastructure that keeps our nation functioning if it is serious about safeguarding its national security.
Chad F. Wolf previously served as acting Secretary of Homeland Security during the first Trump administration.