Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

US Panel Warns Against Government Purchase of Chinese Tech

A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical infrastructure at risk.

A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical infrastructure at risk.

In its annual report on Wednesday, the U.S.-China Economic and Security Review Commission warns of dangers to the U.S. government and private sector from a reliance on global supply chains linked to China, which is the world’s largest manufacturer of information technology equipment.

China’s push to dominate in the high-tech industry by 2025 already is a sore point with Washington and a contributing factor in trade tensions that have seen the world’s two largest economies slap billions of dollars in punitive tariffs on each other’s products this year.

The U.S. also has had long-running concerns about state-backed cyber theft of corporate secrets, something that China agreed to stop in 2015. But the bipartisan commission highlights the potential security risks to the United States by China’s pre-eminence in the so-called internet of things, or IoT, which refers to the proliferation of physical devices that have sensors that collect and share data and connect to the internet. Such devices could be everything from household appliances like refrigerators and air conditioners to warehouse delivery systems, smart traffic signs and aerial drones.

“The scale of Chinese state support for the IoT, the close supply chain integration between the United States and China, and China’s role as an economic and military competitor to the United States creates enormous economic, security, supply chain, and data privacy risks for the United States,” the report says.

The commission, which does not set policy but can make recommendations to Congress and the U.S. administration, is warning that the potential impact of malicious cyberattacks through such systems will intensify with the adoption of ultra-fast 5G networks that could quicken data speeds by up to 100 times.

“The lax security protections and universal connectivity of IoT devices creates numerous points of vulnerability that hackers or malicious state actors can exploit to hold U.S. critical infrastructure, businesses, and individuals at risk,” the report says.

Advertisement. Scroll to continue reading.

The United States has already taken some steps to restrict the use of Chinese-made high technology. For example, it has restricted government procurement from Chinese tech giants Huawei and ZTE, which deny their products are used for spying by China’s authoritarian government.

In June, the Defense Department suspended the purchase of all commercial, off-the-shelf drones until a cybersecurity risk assessment strategy was established. In 2017, U.S. customs authorities alleged that drones produced by Chinese company DJI, which has dominated the U.S. and Canadian drone markets, likely provided China with access to U.S. critical infrastructure and law enforcement data. DJI denied the allegation.

The commission is calling for Congress to push for assessments by U.S. government agencies on their supply chain vulnerabilities. It says the U.S. government depends on commercial, off-the-shelf products, many of them made in China, for more than 95 percent of its electronics components and information technology systems.

Large U.S. telecommunications providers also rely on global supply chains dominated by Chinese manufacturers. Although they do not source directly from Huawei and ZTE, major U.S. telecommunications providers rely on other foreign 5G network equipment suppliers that incorporate Chinese manufacturing in their supply chains, the report says.

RelatedDUST Identity Emerges From Stealth to Protect Device Supply Chain

Related: Watch Cisco’s Edna Conway Talk Supply Chain Security With Microsoft Cybersecurity Field CTO Diana Kelley (Video)

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.