State Governments ‘Weakest Link’ in Protecting America From ‘Enemy’ Cyberattacks

United States federal agencies and the Pentagon over the last decade have imposed a matrix of restrictions on purchasing technology from companies owned or influenced by China’s ruling Chinese Communist Party (CCP), but few of the nation’s 50 states have taken similar precautions.

In fact, many state governments apparently aren’t aware—or haven’t publicly acknowledged—how potentially vulnerable their electronic infrastructure is to CCP cyberattacks, espionage, and data theft.

Georgetown University’s Center for Security & Emerging Technology (CSET) documents that between 2015-21, at least 1,681 state and local governments purchased technology from CCP-owned or controlled companies that federal agencies and the U.S. military are explicitly prohibited from doing business with.

With 2023’s legislative sessions kicking off in State Houses nationwide—45 will have convened by Jan. 18—proposed bills addressing the issue had only been filed by lawmakers in four states as of Jan. 11.

“State and local governments must take foreign technology threats seriously even if they do not face the same risks as federal agencies like DOD,” the CSET analysis states. “Even if governments are not targeted directly, the ICTs (information and communication technologies) they deploy might be used to compromise nearby critical infrastructure.”

The 2021 bill was sponsored by then-Rep. Tan Parker (R-Flower Mound), who was elected to the state Senate in November.

The proposed wind farm would feature turbines up to 700 feet tall. Some feared those turbines could be used to eavesdrop on and monitor activities at Laughlin Air Base less than 70 miles away.

“This Chinese billionaire was going to purchase land to build a wind farm in one of the few locations in Texas that doesn’t have a lot of wind,” ALEC task force director Jones said. “The state legislature, when they found out it was being built, had a lot of questions” and subsequently adopted LIPA “as a way to protect Texas.”

The 2021 discussion by Texas lawmakers about how to respond “illustrates how CFIUS [Committee on Foreign Investment in the United States] is limited” in application for state and local governments, she said.

CFIUS is a congressional interagency panel that only reviews transactions involving foreign investments and real estate transactions in the United States that potentially pose a national security threat. State IT systems are not part of its purview.

“He’s an ‘IT guy’ who recognized there were certain backdoors that allowed Chinese companies to record data” in technology they sell, Jones said. “He is the one that actually introduced the first ‘model bill’ on this particular issue.”

While communist-ruled China “has been on the radar” with state lawmakers for some time, few have really grasped how potentially exposed their state’s electronic infrastructure is to CCP intrusion, she said.

ALEC formed a task force to examine the issue and during a presentation last summer, and then-Rep. Parker explained why LIPA and Momtahan’s bill should be adopted by state lawmakers nationwide as soon as possible.

“A lot had been happening in tandem and parallel” with little coordination between states and the federal government, Jones said. “Both came up with legislation to protect states from Chinese influence more or less at the same time. Momtahan and Parker didn’t meet for the first time until this fall when I introduced them.”

You are seeing these bills proliferating largely as a result of Parker’s presentation and Momtahan’s bill, Jones said. “If you are seeing” proposed bills addressing the issue, “they probably would have gotten it after 2022 legislative sessions” unless “they came up with it on their own,” which is what Florida, Louisiana, and Vermont did.

But although bills are still being filed in the early stages of 2023 legislative sessions, legislation that appear based on ALEC’s model policy have only been introduced in four states.

Roy told The Epoch Times that he filed his HB 86 after receiving an email from ALEC last summer with a link to its model policy.

“I looked into it and saw that at the state level, we have to do something,” he said, noting while many states have prohibited the use of the TikTok by agencies and employees, the potential threat posed by the China-based parent company is nothing compared to the “ubiquitous software and hardware in common use” by New Hampshire state agencies.

“Based on what I have seen across the country, China has insidious and nefarious plans to infiltrate our technology,” Roy said. “This is a lot more dangerous than TikTok.”

Long told The Epoch Times that he and other South Carolina lawmakers filed 2022 bills addressing the technology infiltration threat posed by CCP-affiliated tech companies but “we weren’t able to make much progress.”

Of his 2023 bills, he said, “We’re a little bit later into the game but with better legislation.”

Long said there are two bills because the issue “is two-fold, partially an economic matter and partially a national security matter.”

Like most states competing for job-generating investment by offering “economic development incentives,” lawmakers want to ensure those inducements benefit South Carolinians, he said.

“If we’re going to be using state dollars, we want to support businesses that agree with American values or are headquartered in America or, if not, at least agreeable with U.S. interests,” Long said. “How can we make better use of state dollars so we are supporting our people? Who do we want to be investing in: Chinese-owned companies or American companies? We don’t want to be using taxpayers money to essentially subsidize Chinese companies.”

The bills also address national security. “We cannot be overly reliant on China,” he said, noting that Chinese companies operating under the thumb of the CCP produce a wide swath of products, including prescription medicines, that Americans use every day.

“This is in the federal government’s bailiwick. I don’t get the intelligence to deal with it,” he said. “As a state legislator, I do not get intelligence updates. We’re not getting intelligence briefings” in State Houses across the country.

It doesn’t help that successive administrations have fudged in stating the obvious to the American public, although “Trump put his thumb on it”—that China under the CCP is not merely a difficult trading partner but an existential threat, Roy said.

“The problem is the federal government needs to tell the people, ‘Look, the Chinese government is an enemy—they are our enemy,’” he said. “People don’t understand that they are our enemy.”

Long cited similar frustrations, calling for more federal coordination and focus for states. “We are kind of in the early stages of this,” he said of increasing pressure on China. “Now that Trump is no longer in office, nobody on the national level is spearheading the effort.”

Roy was surprised his bill in New Hampshire was among only four 2023 state measures addressing the issue.

“It seems to me this should be a priority. It’s shocking that more states have not done it,” he said. “This is happening while we watch them buying up property in the United States. Nobody seems to be doing anything about it. That is on my radar, too.”

Jones said that acquisition of property, especially of agricultural land, by CCP shell companies will be a topic of an ALEC task force seminar in the coming months. Florida Gov. Ron DeSantis raised the issue during a July speech.

“DeSantis, by the way, is awesome,” she said. “Through executive orders and legislation, he is protecting the state of Florida from Chinese influence about as well as he can. In fact, ALEC has adopted some of its model policies from what Florida is already doing.”