Homeland Security Republicans Request Admin Briefing on Threats Posed by CCP to ICT Supply Chain 

WASHINGTON, D.C. – Today, House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) and Subcommittee on Counterterrorism, Law Enforcement, and Intelligence Chairman August Pfluger (R-TX) sent a letter to Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly requesting a briefing on the threats posed by the Chinese Communist Party (CCP) to the information and communications technology (ICT) supply chain. Specifically, the letter requests more information regarding CISA’s efforts through the Federal Acquisition Security Council (FASC) to protect against the CCP’s use of source code in infiltrating and maintaining access to ICT supply chains. Today’s letter follows previous letters by Members of the Committee regarding threats posed to the U.S. ICT supply chain and preceded a Subcommittee hearing today on the CCP’s numerous threats to the homeland, featuring testimony from government witnesses.

In the letter, the Members state, “Given the role of the Department of Homeland Security (DHS), and specifically CISA’s role as the ISA on the FASC, we urge you to consider exploring the CCP’s use of source code, including where it is located, how it is updated, and who has access to it, to infiltrate and maintain access to federal civilian and critical infrastructure ICT supply chains.”

The Members continue, “The 2023 Annual Threat Assessment of the U.S. Intelligence Community (IC) states, “Globally, foreign states’ malicious use of digital information and communication technologies will become more pervasive, automated, targeted, and complex during the next few years.”  This assessment by the IC makes clear the threat. To combat it, we must ensure companies who wish to do business with the United States Government and critical infrastructure take action to ensure their products are not compromised as a result of business dealings in China that may require sharing or review of source code by the CCP.”

The Members conclude, “Article 7 of the People’s Republic of China’s National Intelligence Law, as amended in 2018, states, “all organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.”  Under this law, Chinese companies and companies who do business in China, such as ByteDance, and therefore TikTok America, are required to hand all data in its possession to the Chinese government if asked, including source code. TikTok is just one example—the pervasiveness of this issue spreads far and wide within the ICT supply chain and has the potential to increase systemic risk across critical infrastructure sectors.”

Read the full letter here.

###