The GSA Gets Called Out By The Inspector General For Buying Suspect Chinese Videoconferencing Cameras
Well, this is embarrassing, and a national security threat at the same time. The GSA was ratted out to the US Inspector General for the purchase of some Chinese-made videoconferencing cameras. Here’s how that went down:
In 2022, our office was contacted by a GSA employee who was concerned about GSA’s purchase and use of Chinese-manufactured videoconference cameras. Since these cameras were manufactured in China, they were not compliant with the Trade Agreements Act of 1979 (TAA). Our audit objective was to determine whether GSA’s purchase and use of these Chinese-manufactured videoconference cameras were in accordance with federal laws, regulations, and internal guidance.
And:
GSA Office of Digital Infrastructure Technologies (IDT) employees misled a contracting officer with egregiously flawed information to acquire 150 Chinese-made, TAA-noncompliant videoconference cameras. Before completing the purchase, the contracting officer requested information from GSA IDT to justify its request for the TAA-noncompliant cameras, including the existence of TAA-compliant alternatives and the reason for needing this specific brand. In response, GSA IDT provided misleading market research in support of the TAA-noncompliant cameras and failed to disclose that comparable TAA-compliant alternatives were available.
The TAA-noncompliant cameras have known security vulnerabilities that need to be addressed with a software update. However, GSA records indicate that some of these TAA-noncompliant cameras have not been updated and remain susceptible to these security vulnerabilities.
Well, that’s really freaking bad. Andrew Borene, Executive Director for Global Security, Flashpoint, had this comment:
“The GSA’s procurement of unauthorized Chinese-made cameras with known vulnerabilities is certainly a matter of concern, echoing similar apprehensions we’ve had in the past about other technology products, such as drones, from China.
These cameras, like any technology that connects to IT systems, can become a potential vector for espionage, malware, or maintaining a persistent presence in federal networks. The PRC’s Communist government has passed a number of increasingly totalitarian laws mandating that all Chinese corporations share information with the government for national security purposes. This creates an inherent risk when using their manufactured technology in sensitive environments.
Given the PRC’s history of espionage, and the increasingly intertwined relationship between the state and private enterprises, the use of these cameras in federal settings poses a significant risk, not just due to their known vulnerabilities, but also due to the potential for hidden backdoors or other compromised elements in their hardware or software.
The prevalence of unauthorized Chinese-made technologies in government agencies, despite known risks, is a multifaceted issue. One primary factor is China’s dominance in manufacturing and global supply chains, making their products readily available and often more cost-effective.
However, this convenience comes with heightened risks, especially when considering critical infrastructure and national security.
The challenge in keeping these products out of federal networks lies in the complexity of supply chains and the difficulty in thoroughly vetting every component for security risks. The PRC’s significant role in technology production, combined with its aggressive espionage tactics, necessitates a more cautious approach. The focus should not only be on direct components but also on an extensive evaluation of the entire supply chain, acknowledging the -nth party risks.
In light of China’s continued efforts to infiltrate Western networks for intelligence and espionage, it is crucial for government agencies to exercise heightened diligence and opt for more secure alternatives, even if they come at a higher cost or require more rigorous procurement processes.”
Hopefully those people in the GSA who were stupid enough to buy these cameras get what’s coming to them. Because given China’s history of espionage, this was a completely unacceptable purchase.
This entry was posted on January 26, 2024 at 8:45 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.