The Pentagon last year purchased thousands of Chinese tech products that contained known cybersecurity vulnerabilities, and officials have yet to enact policies to stop it from happening again, an internal watchdog found.
In 2018, the department bought more than 9,500 commercial printers, computers and cameras despite warnings that adversaries could use the products to infiltrate networks and spy on personnel, according to an inspector general audit. The procurements, which totaled roughly $33 million, expose significant shortcomings in the department’s supply chain security policies that persist to this day, auditors said in a redacted report published Tuesday.
Specifically, the Army and Air Force purchased more than 8,000 printers from Lexmark and 1,500 computers from Lenovo, two Chinese companies that national security officials previously linked to the Communist Party’s espionage operations.
The Lexmark printers contained multiple vulnerabilities that could allow bad actors to infiltrate Pentagon networks and launch attacks against military contractors, auditors said, and national security officials have repeatedly flagged Lenovo products as threats. The State Department banned Lenovo computers on its classified networks in 2006, and both the Homeland Security Department and Joint Chiefs of Staff have warned the company’s tech contains spyware and other vulnerabilities, the IG said.
Our IP Address: