A congressional commission report found that the top manufacturers supplying information technology (IT) equipment to the U.S. government sourced an average of 51 percent of the parts from China.
The lack of a proactive strategy for managing U.S. supply chains combined with the Chinese regime’s malicious intent constitutes a great risk to U.S. national security, economic competitiveness, and the privacy of American citizens, the report says.
The report was released on April 19 by U.S.-China Economic and Security Review Commission, a congressionally mandated organ dedicated to investigating national security and trade issues between the United States and China.
Based on information publicly available, the report found that an average of 51 percent of the parts shipped to seven top U.S. IT manufacturers—Hewlett-Packard, IBM, Dell, Cisco, Unisys, Microsoft, and Intel—originated from China. These U.S. manufacturers in turn provided most of the computers, routers, software, printers, and other IT products that are used by U.S. government.
Among the seven companies, Microsoft tops the list with 73 percent of its parts sourced from China, according to the report.
Jennifer Bisceglie, chief executive of Interos Solutions, was one of the experts who contributed to the report. She said that much of U.S. government’s annual $90 billion procurement in information technology ended up purchasing Chinese products or products that contain parts made in China.
The report cautions that the seven companies are not the only ones providing IT equipment for the U.S. government, but are some of the top providers based on publicly available sources. Other top federal enterprise IT providers such as AT&T, Abacus Technology, and Amazon Web Services have not been surveyed.
Over 95 percent of commercial electronics components and IT systems supporting the U.S. government are commercial off-the-shelf products, according to the report, and China’s role in the global supply network of these products is significant.
For years, national security experts as well as U.S. officials have sounded the alarm regarding the possibility that adversary nation states could be sophisticated enough to introduce a malicious defect in U.S. equipment, maybe even an exploitable defect that can be triggered at a time of the adversary’s choosing.
Given the ever-increasing threats posed by the Chinese regime to U.S. national security, there have been growing calls for a comprehensive review of the U.S. manufacturing industry’s reliance on parts made in China, especially products that are eventually sold to and used by the U.S. government or even the U.S. military.
The report also points to a list of Chinese industrial laws and policies that were enacted in the past few years, all of which seek to aggressively elevate China and Chinese manufacturers to dominate the world’s information and communication technology (ICT) market in the future.
“These new regulations present a serious dilemma for U.S. multinationals [companies] and a threat to U.S. national security,” the report says. “If U.S. companies—which are the primary providers of ICT to the U.S. federal government—surrender source code, proprietary business information, and security information to the Chinese government, they open themselves and federal ICT networks to Chinese cyberespionage efforts.”
Cyber-attacks on supply chains could also become easier and more prevalent as developing technologies such as 5G mobile network technology and the internet of things exponentially increase avenues for attack, the report says.
The report recommends the creation of a “centralized leadership” within the U.S. government to supervise and regulate the supply chain, which would require U.S. government contractors to disclose suppliers of their parts. In addition, it also suggests Congress tie program budgets to supply-chain monitoring to ensure compliance.