A congressional commission report found that the top manufacturers supplying IT equipment to the U.S. government have sourced an average of 51 percent of the parts from China since 2012. The lack of a proactive strategy for managing U.S. supply chains, combined with the Chinese communist regime’s malicious intent, constitutes a great risk to U.S. national security, economic competitiveness, and the privacy of American citizens, the report says.
Based on publicly available information, the report found that an average of 51 percent of the parts shipped to seven top U.S. IT manufacturers—Hewlett-Packard, IBM, Dell, Cisco, Unisys, Microsoft, and Intel—originated from China. These U.S. manufacturers, in turn, provided most of the computers, routers, software, printers, and other IT products that are used by the U.S. government.
Among the seven companies, Microsoft tops the list, with 73 percent of its parts sourced from China, according to the report.
The report cautions that the seven companies are not the only ones providing IT equipment for the U.S. government. Other top federal IT providers such as AT&T, Abacus Technology, and Amazon Web Services have not been surveyed.
More than 95 percent of commercial electronics components and IT systems supporting the U.S. government are commercial off-the-shelf products, according to the report, and China’s role in the global supply network of these products is significant.
For years, national security experts, as well as U.S. officials, have sounded the alarm regarding the possibility that adversary nation-states could be sophisticated enough to introduce a malicious defect in U.S. equipment, maybe even an exploitable defect that can be triggered at a time of the adversary’s choosing.
Given the ever-increasing threats posed by the Chinese regime to U.S. national security, there have been growing calls for a comprehensive review of the U.S. manufacturing industry’s reliance on parts made in China, especially products that are eventually sold to and used by the U.S. government or even the U.S. military.
The report also points to a list of Chinese industrial laws and policies that were enacted in the past few years, all of which seek to aggressively elevate China and Chinese manufacturers to dominate the world’s information and communication technology (ICT) market in the future.
“These new regulations present a serious dilemma for U.S. multinationals and a threat to U.S. national security,” the report says. “If U.S. companies—which are the primary providers of ICT to the U.S. federal government—surrender source code, proprietary business information, and security information to the Chinese government, they open themselves and federal ICT networks to Chinese cyberespionage efforts.”
Cyberattacks on supply chains could also become easier and more prevalent as developing technologies such as 5G mobile network technology and the internet of things exponentially increase avenues for attack, the report says.
The report recommends the creation of a “centralized leadership” within the U.S. government to supervise and regulate the supply chain, which would require U.S. government contractors to disclose who supplies their parts. In addition, it also suggests that Congress tie program budgets to supply-chain monitoring to ensure compliance.