Last week, Fox News reported that the Chinese military is displaying the ability to disrupt key infrastructure in America. The report showed that hackers affiliated with the People’s Liberation Army gained access to dozens of American systems over the past year, from water utilities to ports to oil and gas pipelines. These incidents speak to the need for the federal government to aggressively vet contractors and that may be vulnerable to Chinese Communist Party (CCP) operations.
Dr. Mark Green (R-Texas), the chairman of the House Homeland Security Committee, recently made this known to the Department of Homeland Security. In a recent letter, he wrote that, “concerns exist that government-built solutions in use by the Department are not held to a comparable standard as software that is built by the private sector.”
Despite the prevalence of this obvious threat, the Department of Homeland Security continues to work with SAP Concur, a software company with deep ties to the CCP, for its software needs.
SAP’s CEO has shaken hands with CCP Shanghai Party Secretary Chen Jining on a plan to help transform the very same capabilities of China’s cities and industries that were recently breached. His company regularly works with Chinese corporations that have reputations for providing data to the CCP, and per China’s Military-Civil Fusion laws, must provide data, coding, and trade secrets to the People’s Liberation Army. But Homeland Security doesn’t seem to care. This department added a subsidiary (SAP NS2) to their approved vendors list, while the Department of Defense gave SAP a sole-sourced contract worth up to $375 million to build a software system.
Do Homeland Security and DOD not realize the grave threat that the CCP poses at this time? Do they not understand the massive hacking threat that is currently present?
Given the lax approach the nation’s top defense leaders have taken to creating a CCP firewall, it is no wonder that China is rooted so deep in the U.S.’s software.
While Homeland Security and DOD contracts represent the most surprising and dire examples of the CCP’s easy access to America’s infrastructure, they are far from the only ones.
Green also wrote a letter to the Government Accountability Office asking that they “review the Office of Personnel Management’s use of the USA Staffing talent-acquisition-management information system” — a request that House Committee on Oversight and Reform Chairman James Comer (R-KY) previously made.
Green is correct that the OPM, which performs most of the government’s human resources responsibilities, deserves scrutiny. OPM had the largest data breach in government history, which affected 25 million records, and yet has not changed most of its protocols.
As Ars Technica put it, the “personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government.”
Why the government has allowed OPM to continue operating without scrutinization, restrictions, or consequences after handing millions of government records to hackers is inexcusable, but Green and the rest of the House Oversight Committee are committed to finding out.
Where can Congress go from here? A comprehensive review and revamping of cybersecurity protocols across all federal agencies in the new year would represent a sound starting place. This should include a proactive strategy to anticipate and counter existing and future hacking techniques from the People’s Republic of China.
Additionally, many third-party companies have impressive data protection records — records that the federal government cannot currently match. U.S. agencies should lean on their expertise and contract with these firms whenever possible.
Congress, through its purse and oversight roles, has the right and the responsibility to protect the United States, its military, and its citizens from any and all threats posed by foreign actors. It cannot afford to let any adversary have unharried access to its infrastructure, data, and operations.
Phil Kiver, Ph.D., an Army Veteran, is a defense and public safety analyst.
Join the conversation as a VIP Member