- Apr 5, 2014
- 6,001
The Pentagon’s Joint Staff recently warned against using equipment made by China’s Lenovo computer manufacturer amid concerns about cyber spying against Pentagon networks, according to defense officials.
A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report. The “supply chain” is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.
The J-2 report was sent Sept. 28, and also contained a warning that Lenovo was seeking to purchase American information technology companies in a bid to gain access to classified Pentagon and military information networks.
The report warned that use of Lenovo products could facilitate cyber intelligence-gathering against both classified and unclassified—but still sensitive—U.S. military networks.
One official said Lenovo equipment in the past was detected “beaconing”—covertly communicating with remote users in the course of cyber intelligence-gathering.
“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” the official said.
About 27 percent of Lenovo Group Ltd. is owned by the Chinese Academy of Science, a government research institute. In April, a Chinese Academy of Sciences space imagery expert, Zhou Zhixin, was named to a senior post in the Chinese military’s new Strategic Support Force, a unit in charge of space, cyber, and electronic warfare.
China has been linked by the National Security Agency to large-scale cyber spying against both the Pentagon and American and foreign defense contractors.
Joint Staff spokesman Capt. Greg Hicks declined to comment on the J-2 report but said the military is wary of foreign nations’ cyber spying.
“Although we are concerned any time another nation or individual attempts to initiate intelligence collection against the Department of Defense, we do not discuss internal assessments,” Hicks said.
Lenovo spokesman Ray Gorman said he was unaware of the Joint Staff concerns.
On company efforts to acquire American information technology firms, Gorman said “we have stated many times that we continue to look worldwide for opportunities that make sense for our customers and shareholders, add value to our product portfolio, and help keep us on track for continued profitable growth.” He declined to comment on specific acquisition talks.
A Pentagon spokesman said the Defense Department has not imposed a “blanket ban” on all Lenovo products and does not blacklist suppliers or individual products.
Pentagon policy for protecting mission critical functions in securing computer systems and networks “requires the department to perform supply chain risk management functions when acquiring products for use in its national security systems,” the spokesman said, adding that the analysis is done on a case-by-case basis.
Rep. Robert Pittenger who has investigated Chinese cyber risks in the past, said he is concerned by the Joint Staff report.
“Chinese cyber security and supply chain concerns remain a significant problem for both the Defense Department and the remainder of the federal government,” Pittenger (R., N.C.) told the Washington Free Beacon.
Pittenger said it is important for Congress to press Pentagon acquisition officials “to act swiftly on perceived cyber-threats and remove IT vendors from our supply chain if evidence exists suggesting a security vulnerability.”
“I would be very disappointed to learn, however, if the Defense Department or the Air Force sought to obfuscate the facts regarding contracts with Lenovo when this issue was brought to my attention back in April,” he added...
A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report. The “supply chain” is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.
The J-2 report was sent Sept. 28, and also contained a warning that Lenovo was seeking to purchase American information technology companies in a bid to gain access to classified Pentagon and military information networks.
The report warned that use of Lenovo products could facilitate cyber intelligence-gathering against both classified and unclassified—but still sensitive—U.S. military networks.
One official said Lenovo equipment in the past was detected “beaconing”—covertly communicating with remote users in the course of cyber intelligence-gathering.
“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” the official said.
About 27 percent of Lenovo Group Ltd. is owned by the Chinese Academy of Science, a government research institute. In April, a Chinese Academy of Sciences space imagery expert, Zhou Zhixin, was named to a senior post in the Chinese military’s new Strategic Support Force, a unit in charge of space, cyber, and electronic warfare.
China has been linked by the National Security Agency to large-scale cyber spying against both the Pentagon and American and foreign defense contractors.
Joint Staff spokesman Capt. Greg Hicks declined to comment on the J-2 report but said the military is wary of foreign nations’ cyber spying.
“Although we are concerned any time another nation or individual attempts to initiate intelligence collection against the Department of Defense, we do not discuss internal assessments,” Hicks said.
Lenovo spokesman Ray Gorman said he was unaware of the Joint Staff concerns.
On company efforts to acquire American information technology firms, Gorman said “we have stated many times that we continue to look worldwide for opportunities that make sense for our customers and shareholders, add value to our product portfolio, and help keep us on track for continued profitable growth.” He declined to comment on specific acquisition talks.
A Pentagon spokesman said the Defense Department has not imposed a “blanket ban” on all Lenovo products and does not blacklist suppliers or individual products.
Pentagon policy for protecting mission critical functions in securing computer systems and networks “requires the department to perform supply chain risk management functions when acquiring products for use in its national security systems,” the spokesman said, adding that the analysis is done on a case-by-case basis.
Rep. Robert Pittenger who has investigated Chinese cyber risks in the past, said he is concerned by the Joint Staff report.
“Chinese cyber security and supply chain concerns remain a significant problem for both the Defense Department and the remainder of the federal government,” Pittenger (R., N.C.) told the Washington Free Beacon.
Pittenger said it is important for Congress to press Pentagon acquisition officials “to act swiftly on perceived cyber-threats and remove IT vendors from our supply chain if evidence exists suggesting a security vulnerability.”
“I would be very disappointed to learn, however, if the Defense Department or the Air Force sought to obfuscate the facts regarding contracts with Lenovo when this issue was brought to my attention back in April,” he added...
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}