Members of the House Committee on Homeland Security sent a letter to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), on May 23 asking about the agency’s progress in defending critical information and communications technology (ICT) supply chains.
The letter sent by Reps. Andrew Garbarino, R-N.Y., and August Pfluger, R-Texas, calls on Easterly to provide more information on the work that’s being done by the Federal Acquisition Security Council (FASC) to counter Chinese government threat and protect against Chinese infiltration of the ICT supply chain.
“We write to follow up on the letters sent to the Department by Members of the Committee regarding threats posed to the U.S. ICT supply chain, specifically by the Chinese Communist Party (CCP),” stated the congressmen. “We remain concerned the CCP exerts undue influence on our ICT supply chain but remain confident in the authorities Congress granted the FASC to mitigate this risk.”
The letter follows an assessment released earlier this year titled the 2023 Annual Threat Assessment of the U.S. Intelligence Community which outlines an increased threat from foreign state actors looking to infiltrate American supply chains.
According to the assessment, “China will remain the top threat to U.S. technological competitiveness, as Beijing targets key sectors and proprietary commercial and military technology from U.S. and allied companies and institutions.”
“To combat [this], we must ensure companies who wish to do business with the United States Government and critical infrastructure take action to ensure their products are not compromised as a result of business dealings in China that may require sharing or review of source code by the CCP,” stated the congressmen in their May 23 letter.
The letter asks that CISA provide information on the following topics:
- What is CISA’s role as the Information Sharing Agency (ISA) for the FASC;
- What is the potential risk of exposing source code to the CCP;
- Has CISA in its role as the ISA gathered information on how source code for software has already been exposed to the CCP;
- What safeguards and measures are there to refer potentially concerning data points to the FASC; and
- What challenges does CISA face in its role in the FASC when it comes to ICT.
The push to counter Chinese cyber activity also comes as Federal agencies and other international bodies put out a recent advisory against growth in state-sponsored cyber activity with malicious purposes.