US policymakers have moved to block federal agencies and critical networks from using some foreign-made technologies that pose a threat to national security. According to a report released Wednesday by Georgetown University’s Center for Security and Emerging Technology, state and local government agencies in nearly every state have been buying technology from banned companies to support a variety of public services in recent years.
The report, which examined government procurement records provided by GovSpend, found that between 2015 and 2021, at least 1,681 state and local entities in 49 states purchased information and communications technology and services (ICTS) from five banned Chinese companies.
“Total, these companies performed nearly 5,700 transactions across a wide range of covered devices, including but not limited to smartphones, surveillance cameras, temperature scanners, handheld radios and network devices,” the report said, adding that the acquired technologies were deployed. in schools, hospitals, prisons, public transportation and government agencies across the country.”
Jack Corrigan, a research analyst at the Center for Security and Emerging Technology who co-authored the report, said next gov that the 1,681 state and local entities identified in the report likely represent “a low estimate” because the government procurement records analyzed for the report were not standardized with respect to the information listed.
In addition to Corrigan, the report was co-authored by Michael Kratsios — Scale AI’s executive director, who previously served as chief technology officer during the Trump administration — and Sergio Fontanez, an associate at the law firm Holland & Knight.
Section 889 of the National Defense Authorization Act of 2019 prohibited federal agencies from using technologies or services from these five Chinese companies — Huawei, ZTE, Hikvision, Dahua and Hytera — or from working with contractors using devices from these companies. As the report noted, Section 889 is “the first and most prominent regulation targeting foreign ICTS for reasons of national security.”
“If we view untrustworthy foreign technology as a national security issue, then it needs to be addressed at all levels of government,” Corrigan said.
Although five states — Florida, Georgia, Louisiana, Texas, and Vermont — also “have taken steps to restrict the purchase of untrusted ICTS for national security reasons,” the report states that “these regulations are generally not so structured.” that they are effective in countering foreign technology threats.” Only one state—Vermont—was found to have no state or local government entities that purchased prohibited ICTS falling under Section 889 during the period studied.
Congress and the federal government have taken steps in recent years to further ban the use of some foreign-made technology and equipment, particularly those made by Chinese and Russian companies. These legislative and regulatory efforts were enacted largely because of concerns that “covered technologies may contain secret backdoors or vulnerabilities intentionally built into the technologies.”
“For US national security leaders, the wide reach of these firms — and their integration into the networks of the United States and its allies — posed a major threat to national security and the economy,” the report said. “If the [Chinese Communist Party] if the Chinese tech industry wanted to use it as a conduit for espionage and other nefarious activities, it could potentially gain access to all of these global networks.”
While efforts to clean up foreign ICTS have largely focused on federal services and agencies, the report said that existing federal laws and regulations could be expanded to focus more on state and local government procurement processes because “the US government in best position to identify vulnerable ICTS and develop strategies to eliminate them from nationwide supply chains.”
For example, the report found that the Department of Commerce’s ICTS rule – which restricts procurement of technology and equipment from untrustworthy foreign companies – “has the potential to significantly strengthen the federal government’s ability to counter foreign technology threats in the broader U.S. market.” to proceed. but only if the Department of Commerce effectively implements the agency.”
And the Federal Communications Commission also has the power to determine which foreign ICTS can be legally sold in the US under the Secure Equipment Act of 2021, allowing the agency to “prohibit untrustworthy foreign technology from entering the US market.” , according to the report.
“Given their resource limitations and limited mandate, state and local governments should not be expected to independently address the national security implications of foreign ICTS,” the report said. “However, by complying with federal regulations governing the procurement of foreign ICTS, state and local governments can protect their digital infrastructure and keep procurement practices current without constant regulatory, administrative, or legal interference.”
Referring to state and local entities already using foreign-made technology and devices that are considered a national security risk, the report said the federal government should continue to support programs that “replace compromised ICTS with more trusted alternatives.” These so-called rip-and-replace programs include the FCC’s Secure and Trusted Communications Networks Reimbursement Program, which covers the cost of removing and replacing devices from Chinese companies Huawei and ZTE. However, as Corrigan noted in the program’s first round of applications, “applications far exceed available funds.”
“It’s probably impossible to replace every deployment of untrustworthy foreign technology in the US, so policymakers should allocate these funds to areas with the greatest potential security risks,” Corrigan added.