US must protect against cyber threats from China

ADVERTISEMENT
Counterintelligence experts agree that China is the largest current source of cyber threats - in fact, the Chinese government itself is one of the major perpetrators. Chinese actors are among the world’s most active in committing cyber-crimes.

Last week, the House Permanent Select Committee on Intelligence released an unclassified report on a year-long investigation into the threat posed by Chinese government-affiliated telecommunications companies - specifically Huawei Technologies Co., Ltd. and ZTE Corporation - both of which are currently seeking to gain a larger share of the U.S. marketplace.

Concerns were first raised about Huawei and ZTE two years ago when my colleagues and I sent a letter to the Federal Communications Commission bringing to its attention reports that both companies had significant ties to the Chinese government and military.

As more troubling information was revealed, my colleagues and I petitioned various government agencies about the need to protect their jurisdictions against threats posed by these companies.

For example, we asked the Departments of Treasury and Commerce to examine the security of Huawei products following reports that the company was actively evading investigations and oversight by the Committee on Foreign Investments in the United States.

Additionally, we asked the departments of Defense and Treasury, and the Securities and Exchange Commission to investigate the security of technologies procured by the University of Tennessee National Center for Computational Engineering from Huawei at a drastically deflated price, and whether the questionable nature of the relationship between Huawei and the Chinese government and military was disclosed during this acquisition.

Most recently, we asked the State and Treasury departments to provide information about allegations that both companies provided sensitive technologies to Iran, and to investigate whether this violated any Iran sanctions.

I'm not the only one who has raised these concerns. Officials in the United Kingdom, Australia, Canada, and India have expressed similar concerns about Huawei and ZTE. The Australian government went so far as to ban Huawei from critical infrastructure projects. The Department of Defense, in open-source material, has also acknowledged that security issues exist with Huawei and ZTE – specifically they maintain close ties to Chinese military officials.

In response, the Intelligence Committee held a rare open hearing last month questioning representatives from Huawei and ZTE about their respective companies' involvement with the Chinese government and military, possible Iran sanctions violations, and possible export control violations. Instead of providing useful information, the companies consistently provided contradictory or nonresponsive answers - actions which only heighten U.S. government and international concerns.

The committee's investigation concluded that an expanded role in the U.S. economy by Huawei and ZTE would not be beneficial and could undermine the privacy and security of the U.S. government and American citizens. The report recommends that the U.S. government, state and local entities, and private businesses avoid doing business with these companies. 

The issues that surface when considering Huawei and ZTE reiterate the need for Congress to establish industry cyber-security standards. Currently, the federal government’s ability to share cyber-security threat information with the private sector, as well as defend the private sector against certain threats, is inadequate.

The House passed an information sharing bill, the Cyber Intelligence Sharing and Protection Act, on April 26. While information sharing is a start, Congress can and should do more to address cyber-security concerns and vulnerabilities, and ensure that government entities have the resources and legal authority necessary to prevent companies such as Huawei and ZTE from inserting malicious equipment into various supply chains and markets. Congress can also do more to allow the government to protect the private sector from state-sponsored cyber-threats – including from Chinese, Russian, and Iranian governments. 

As a member of Congress, one of my primary responsibilities is to protect the security of those that I represent. That's been my main concern as I've looked at the actions of Huawei and ZTE over the years - making sure that companies that pose a threat to our cyber and national security don't have access to sensitive information and technologies within our country.

Myrick is chairman of the Subcommittee on Terrorism, Human Intelligence, Analysis, and Counterintelligence.