A member of the Senate Armed Services Committee (SASC) is calling on the Defense Department to end its pattern of purchasing electronic equipment with known cybersecurity risks, particularly from China.
Sen. Joni Ernst (R-Iowa), who chairs the SASC Emerging Threats and Capabilities Subcommittee, issued a letter to Deputy Defense Secretary David Norquist Aug. 27 noting her concern that “despite repeated warning from multiple government agencies, DoD is continuing to purchase and use computers and other electronics with known cybersecurity risks” including “equipment from a company with connections to the military and cyber espionage programs of” China.
She singles out Lenovo [LNVGF], China’s largest computer company, and calls out the Defense Department for spending more than $2.1 million on the company’s products last year.
“If you have not already done so, I urge you to assess and mitigate the threat posed by any high-risk equipment currently in use and prohibit the purchase of any additional technology with cybersecurity vulnerabilities,” Ernst said.
The Army National Guard veteran noted in her letter several Pentagon and State Department-related reports issued since 2006 that caution against products made by Lenovo, claiming they could introduce compromised hardware into the U.S. military supply chain and prove risky for classified and non-classified Defense Department networks.
“In 2015, the Department of Homeland Security issued warnings about pre-installed spyware and other vulnerabilities identified in Lenovo computers. Yet, DoD has not yet banned the purchase and use of Lenovo products,” she said.
In 2017, the Army grounded its fleet of drones made by Chinese company DJI due to increased awareness of cyber vulnerabilities.