EXCLUSIVE: Hundreds of state and local government entities have purchased technology from Chinese companies that are restricted at the federal level and have been flagged as concerns for potential espionage by the communist regime – with a new report warning of a potential national security threat as a result.
At least 1,681 state and local entities across 49 states purchased information and communications technology and services (ICTS) between 2015 and 2021 that are prohibited at the federal level, according to the first-of-its-kind report published Wednesday by Georgetown University’s Center for Security and Emerging Technology (CSET) and obtained first by Fox News Digital.
The report’s authors said, if anything, the figure could be an undercount due to data accessibility constraints.
“Over the past few years, anecdotally, we’d heard that a lot of these state and local governments were buying this technology, but it had never been quantified before,” said Michael Kratsios, one of the report’s authors. “We wanted to do an analysis to actually determine the extent to which this technology – actually banned by the federal government – was being procured by state and locals.”
Kratsios, who served in the Trump administration as the chief technology officer, along with co-authors Jack Corrigan, a research analyst at CSET, and Sergio Fontanez, an associate at Washington, D.C.-based law firm Holland & Knight, concluded in the report that a number of loopholes exist that enable local governments to buy cheaper Chinese technology despite federal restrictions.
Using local procurement data, the authors tracked state and local entities’ purchases of technology manufactured by five Chinese companies Huawei, ZTE, Hikvision, Dahua and Hytera. Overall, they discovered that, during the time analyzed, state and local entities made 5,700 transactions of technologies, including smartphones, surveillance cameras, temperature scanners, handheld radios and networking equipment worth about $45.2 million.
The technology could ultimately serve as “conduits for government espionage and other nefarious activities,” the report states.
“This covers everything from schools, hospitals, transit systems, utility departments and other government facilities,” Kratsios told Fox News Digital in an interview. “The majority of these purchases are actually done by public schools and universities, but you do see a lot of activity also in the in public utility space and even some activity in the judiciary.”
“What’s interesting about this technology is that you only need one network-connected piece of equipment to be able to potentially compromise any network that it is connected to,” he continued. “That’s where we see the real danger.”
In recent years, both Democratic and Republican lawmakers as well as federal law enforcement agencies have issued stark warnings about the threat imposed by Chinese technology. FBI Director Christopher Wray said in 2020 that the U.S. opens a new China-related counterintelligence case once every 10 hours.
Wray highlighted in his remarks at the time that the Chinese government has access to sensitive data of most Americans and engages in economic and academic espionage.
The Biden administration opened a probe into Huawei, a Chinese telecom giant, in July over concerns its equipment could collect sensitive data from military bases and missile silos in the U.S., Reuters reported at the time.
In addition, six state governments were victims of a massive network breach conducted by a state-sponsored Chinese hacking group between May 2021 and February. A massive cyber attack targeting the Colonial Pipeline in May 2021 led to gas supply shortages along the East Coast, underscoring the vulnerability of key U.S. energy infrastructure to foreign hacks.
And a number of pieces of legislation have barred federal agencies from using tech and services from certain Chinese companies or restricted such purchases with federal dollars. The 2019 National Defense Authorization Act barred the government from using equipment from the five Chinese companies, while a Commerce Department rule allows the agency to block procurement of certain tech.
“Since Michael’s time in government, and even before that, you’ve had folks in the national security community discussing how this technology could enable foreign actors, hackers, to access these systems in which they are plugged into,” Corrigan told Fox News Digital.
“A lot of the discussion is kind of focused around this idea that these technologies could contain backdoors that enable foreign hackers to break into these systems and then exfiltrate data, monitor network activity, disrupt any of the services that are connected to these networks,” he added. “The kind of the possibilities are kind of limitless.”
Yet, Kratsios, Corrigan and Fontanez write in the report that laws regarding foreign tech are new and so far have not been echoed by many states – with only Florida, Georgia, Louisiana, Texas and Vermont taking measures to limit tech on national security grounds.
The report outlines how the threat from Chinese-owned companies falls into three categories: backdoors or vulnerabilities baked into technologies to conduct nefarious activities in the U.S.; human vulnerabilities that could allow technicians to install malware or remove data; and the economic risks of relying on a global adversary for vital technology.
Also, modern ICTS supply chain spans tens of thousands of companies and therefore might not always be clear where the links are between firms – with tech manufactured by one company often containing components from another.
“Purging a particular product from any supply chain is a difficult feat. The global technology market is vast, complex and opaque, which makes it exceedingly difficult for governments to understand the provenance of the products they purchase,” the report says.
Among their recommendations, the authors call for local governments to “align their procurement decisions with federal guidance.”
“Federal policymakers have already constructed a robust process for determining whether certain products and services pose national security threats, and it would behoove state and local agencies to piggyback off this federal guidance,” the report continues.
On the federal level, the report calls for the Commerce Department to implement federal authority on ICTS effectively, and for the Federal Communications Commission to block equipment authorizations for untrustworthy foreign tech.
It also calls for the federal government to both create and share a master list of untrustworthy foreign ICTS that can make it easier for state and local governments – as well as private organizations – to secure their networks.
Finally, it encourages policymakers to allow state and local jurisdictions to back “rip and replace” efforts that allow compromised ICTS to be replaced with alternatives at lower cost with federal funding.
“If political leaders at the state and local level better understood the magnitude of the risk and the fact that they were essentially doing things that didn’t necessarily comply with the federal ban, my suspicion is that more action would be taken to stop this stuff,” Kratsios said.
“I don’t think anyone is trying to do anything bad here. I don’t think anyone is being nefarious,” he added. “I think this is partially an education problem, but also a lot of responsibility falls on the federal government to actually use the tools that are in place.”