Russian agents who stole $5 million worth of John Deere tractors in Ukraine last year were foiled when remote operators were able to render the vehicles useless via their U.S.-made Internet of Things (IoT) devices.
But Reps. Mike Gallagher (R-Wis.) and Raja Krishnamoorthi (D-Ill.) are worried that digital technology firms controlled by the People’s Republic of China or the Chinese Communist Party (CCP) are developing and may already have managed to insert into millions of products counter devices capable of overruling U.S. IoT remote operators.
“Serving as the link between the device and the internet, these modules have the capacity both to brick the device and to access the data flowing from the device to the web server that runs each device. As a result, if the CCP can control the module, it may be able to effectively exfiltrate data or shut down the IoT device. This raises particularly grave concerns in the context of critical infrastructure and any type of sensitive data.”
Mr. Gallagher and Mr. Krishnamoorthi are, respectively, chairman and ranking minority member of the House Select Committee on the CCP.
The two congressional leaders fear that the Chinese counter-devices may be present in U.S. military equipment, as well as internet-linked products such as electric-powered cars and trucks, a wide range of agricultural vehicles in addition to tractors, life-saving medical machines, and FCC-regulated telecommunication networks.
“Recent events demonstrate the power of these small modules. Last year, Russia stole $5 million worth of farm equipment from a John Deere dealership in Ukraine and attempted to bring it back to Russia. Luckily, that equipment was embedded with Western-made connectivity modules,” the congressmen told Ms. Rosenworcel.
“Because the modules can be controlled remotely and the vehicles require internet connectivity to operate, remotely shutting down the module allows the module provider to shut the vehicle down. When Russia moved the stolen John Deere vehicles across the border into Russia, the modules were disabled, shutting down the equipment and effectively turning the vehicles into bricks.”
There’s also concern that such counter-devices can copy operational data and related details from products using IoT articles, a prospect that especially prompts national security worries, according to the congressmen.
“As a result, if the CCP can control the module, it may be able to effectively exfiltrate data or shut down the IoT device. This raises particularly grave concerns in the context of critical infrastructure and any type of sensitive data,” the letter reads.
“Indeed, the CCP is well aware of the importance of IoT modules. It has given extensive state support to its cellular IoT industry, led by Quectel and Fibocom. Quectel provides modules to leading international firms. They are used in smart cities, drones, and U.S. first-responder body cameras. Fibocom, meanwhile, targets individual collaborations with major tech players.”
While acknowledging that, under Ms. Rosenworcel’s leadership, the FCC is addressing the issues related to the presence of IoT technology in U.S. military and civilian applications, Mr. Gallagher and Mr. Krishnamoorthi want to know if “the FCC, or other agencies with which it collaborates on national security issues, able to track the presence of Quectel, Fibocom, and other cellular IoT modules provided by PRC-based companies in the [United States].”
The congressmen also want to know if, in its consideration of regulating individual parts of IoT components, “requiring certification for modules used in communications equipment [could] be an effective means of countering PRC cellular IoT modules in U.S. networks.”
The congressmen also asked Rosenworcel if “the FCC [requires] or [desires] further statutory authorities to combat the threat that PRC cellular IoT modules pose.”
U.S. officials have also warned about the potential danger of remotely controlled “kill switches” being embedded in U.S. military and infrastructure systems via subsystems designed and sold by Chinese sources.
“Huawei is the poster child right now for that,” he said. “When I was in Brussels three weeks ago, we talked about this among defense ministers on how do we preserve the integrity of our networks as an alliance, and so that will continue to be important for me as we go forward.”
Huawei, a Chinese telecommunications firm, has sold hundreds of millions of dollars in cellphones and other communication parts to the U.S. government, but the FCC in 2022 banned Huawei and another Chinese tech company, ZTE, from further sales in the United States.