Ending the Federal Government’s Reliance on Chinese Technology

Download

RELIANCE ON ADVERSARIES CREATES DANGEROUS VULNERABILITY

The United States government (USG) is the world’s largest single purchaser of products and services. The total dollar value of the USG’s contracts for goods and services in 2024 exceeded $750 billion, with the Department of War responsible nearly 60%. This amount is distributed through contract award systems, which are advised by numerous government agencies that provide guidelines for standards and prices.

Despite numerous provisions meant to grant American providers preferential treatment, some goods and services must inevitably be purchased from providers based outside the United States. Many are from allied nations with whom the United States has a historical relationship of good faith trade. However, with the rise of the People’s Republic of China (PRC) as a manufacturing hub churning out inexpensive electronics, the USG has unfortunately pivoted some of its purchasing—particularly in electronics and services—to our chief foreign adversary.

The PRC and its national security laws—specifically, the National Intelligence and Data Security laws—require total access to products and services provided by PRC corporations and PRC-based American subsidiaries, thus transforming sensitive products manufactured within the PRC’s borders in sectors such as solar panels, cargo cranes at seaports, and laptops into potential vectors for surveillance. Simultaneously, China has a stranglehold on the production and refinement of many basic components and minerals used in other products.

The USG has numerous bodies, agencies, and programs designed to prevent the procurement of devices that pose a risk to national security. Unfortunately, they are failing their duty due to bureaucratic inertia, non-compliant contractors, and abuse of carve-outs and exemptions. To resolve the USG’s reliance on Chinese technology, many of these bodies need reform, guided by Congress and the president to ensure success.

EXAMPLES OF AGENCY FAILURES

Security failures have been documented by congressional investigations, mandatory disclosures, and Inspector General reports. In some cases, agencies deliberately overrode their own procedures to procure Chinese technology.

PENTAGON CONTRACTORS TRANSMIT CLASSIFIED AIRCRAFT SCHEMATICS TO THE PRC

Over the course of the last decade, major defense contractors have transmitted classified information regarding American military aircraft to the PRC. Those cases include:

• Honeywell International, Inc., transmitted classified or otherwise restricted engineering drawings of parts (primarily engines and electronics) for the F-35, F-22, C-130, Apache Helicopter, and Abrams Tank, among other equipment.
• Boeing transmitted files related to the F-18, F-15, F-22, E-3, and AH-64 aircraft, in addition to data on the AGM-84E and AGM-131 missiles. Boeing was also accused of having subsidiaries forge export licenses, allowing for easier transfers.
• Raytheon Corporation (RTX) allowed data for practically every aircraft that it or its subsidiaries manufactured or worked on to be transmitted to the PRC so that PRC-based manufacturers could produce electronic components for the aircraft. Such data included plans for the F-15, F-16, F-18, Air Force One, and multiple UAVs.

PENTAGON PURCHASES DEVICES WITH CHINESE-MADE ENCRYPTION CHIPS

Multiple vendors that provide “secure” devices to the Department of War (such as encrypted hard drives) integrate components from a PRC-owned device manufacturer that is on the Department of Commerce’s Entity List, a list of companies that are restricted from receiving exports from U.S. companies due to their ties to America’s adversaries. Despite this, the Pentagon continues to purchase devices from these companies.

Such devices are certified for use through the Department of Commerce’s National Institute of Standards and Technology (NIST). NIST, unfortunately, only evaluates such devices’ fulfillment of computational standards, and not the security or country-of-origin risks that such devices present.

MULTIPLE AGENCIES CONTINUE TO PURCHASE CHINESE-MADE LAPTOPS

Lenovo, primarily known for its ThinkPad series, manufactures its laptops in China, and almost one-third of the company is owned by the Chinese Academy of Sciences (a state-backed research institution) through an investment company. Lenovo laptops are banned for use by the State Department and the Department of War. Despite this, contract fulfillment for Fiscal Year 2025 revealed that the Department of War continued to purchase Lenovo products through third-party vendors, resulting in hundreds of thousands of dollars in expenditures. Such purchases continue elsewhere across the government at agencies such as the Small Business Administration. Lenovo laptops used by the U.S. military in Iraq were allegedly capable of transmitting data to unknown recipients in China.

OTHER AGENCIES PURCHASE CHINESE-MADE ITEMS DUE TO VETTING FAILURES

Meanwhile, the General Services Administration (GSA) has provided ineffective oversight for other civilian agencies. An Inspector General report found that the GSA has allowed prohibited items made by PRC telecom giants Huawei and ZTE to pass through the review process. Furthermore, the report revealed that even when the GSA discovered that such items violated procurement policy, it had no mechanism in place to notify agencies that had purchased these items.

Other examples include:

• The United States Secret Service (organizationally overseen by the Department of Homeland Security) purchased at least 10 Chinese-made drones in 2022, despite other agencies in the Department of Homeland Security previously issuing warnings against purchasing that brand of drones for security reasons.
• The General Services Administration (GSA) failed to vet 150 teleconference cameras for security risks, and later analysis found that such cameras were (perhaps deliberately) vulnerable to exploitation and use as a data transmitter. The Inspector General accused GSA employees of deliberately misleading a supervisor by failing to provide accurate market data, which would have resulted in the devices not being purchased.
• The notorious “digital escort program” exposed initially at the Department of War involves the phenomenon of software engineers, some of whom are Chinese, performing system maintenance on USG devices. However, these services go beyond the Pentagon, and similar arrangements exist at the Departments of Commerce, Justice, and the Treasury.

CONCLUSION

Across the government, numerous agencies and programs are tasked with screening foreign procurement on the front end and mitigating negative consequences on the back end. However, these bodies are often ill-equipped and under-authorized to address the holistic threat that compromised devices and services from the PRC present to the United States.

Such agencies and offices include, but are not limited to:

• The General Services Administration (GSA)
• National Institute of Standards and Technology (NIST)
• The Office of Management and Budget’s (OMB) Office of Federal Procurement Policy (OFPP)
• The Department of Homeland Security’s (DHS) Federal Acquisition Security Council (FASC)
• Each agency’s procurement office