U.S. State and Local Governments Still Buy Banned Chinese Tech

National security leaders have long warned that technologies produced by Huawei, ZTE, and other Chinese companies could be used as conduits for foreign espionage, hacking, and other nefarious activities. But state and local government agencies across the United States are still purchasing and installing this dangerous equipment. If U.S. policymakers do not construct a more unified defense against foreign technology threats, the country will remain vulnerable to potentially devastating attacks.

U.S. government agencies have been forbidden from using equipment from Huawei, ZTE, and three other Chinese companies designated as national security threats since 2019, and policymakers have been sounding the alarm on these firms since at least 2012. But in a recent report we published with Georgetown University’s Center for Security and Emerging Technology, we found state and local officials have continued installing products from these companies in the networks of schools, hospitals, transit systems, utility departments, and other government facilities nationwide.

Eliminating a particular product from any supply chain is no easy feat. The global technology industry is vast, complex, and opaque, which makes it exceedingly difficult for governments to determine the provenance of the products they purchase. Aside from transparency issues, many state and local agencies also have limited funds and technical expertise, and they may reasonably prioritize addressing pressing threats like ransomware over the more abstract risks posed by foreign technology.

Still, this technology poses a variety of national security threats. Huawei has been implicated in data breaches, internet censorship, and espionage campaigns in dozens of countries. FBI investigators recently discovered that the company’s equipment could intercept or disrupt communications related to the U.S. military’s nuclear arsenal. Potential backdoors have also been uncovered in products from other Chinese companies, such as Hikvision. When deployed in government networks, these technologies can serve as possible entry points for hackers looking to damage public services, steal sensitive data, or spy on internal operations.

Our analysis of public procurement records revealed that nearly 1,700 state and local agencies purchased products and services connected to the five Chinese companies on the federal blacklist between 2015 and 2021. The data is incomplete, which suggests the true number is much higher. Still, agencies in every state except Vermont appear in the list.

In addition to security threats, the global dominance of Chinese technology giants also presents broader economic risks, potentially leaving the United States dependent on its biggest geopolitical competitor for access to critical technologies. Jeremy Fleming, director of the United Kingdom’s GCHQ intelligence agency, recently called China’s efforts to dominate the global technology ecosystem “the national security issue that will define our future.”

State and local governments do not face the same risks as, say, the U.S. military, but they should still take foreign technology threats seriously. These governments manage a wide variety of public services and are heavily involved in certain critical infrastructure sectors, such as water management and transportation, and foreign hackers have already shown an interest in targeting them. Even if state and local networks are not the primary targets, hackers can use them as springboards into other critical systems.

Lawmakers in a handful of states—including Florida, Georgia, Louisiana, Texas, and Vermont—have attempted to block purchases of untrustworthy foreign technology. Although well intentioned, these measures generally fail to address the risks at hand, with some containing loopholes large enough to render the regulations ineffective. Local-level efforts are all but nonexistent.

This is not all that surprising, as the federal government is generally responsible for national security. But the mismatch among federal, state, and local approaches to foreign technology threats underscores the need to develop a more cohesive, nationwide strategy.

The Federal Communications Commission can take the lead here. Commissioners will soon vote on rules that would prohibit new authorizations of equipment produced by companies that pose national security threats. Should it pass, this measure would make it illegal to sell most new products made by Huawei, ZTE, and eight other foreign companies on the agency’s blacklist. Such a policy would lay the foundation for a nationwide defense against untrustworthy foreign tech.

The rest of the federal government has the power to build on this base. Under a 2019 law, federal agencies can ban equipment from foreign vendors on the grounds of national security. A Trump-era executive order also permits the U.S. Commerce Department to review and block any technology-related transaction that it deems a national security risk. This applies to purchases by all organizations—public and private—that fall under U.S. jurisdiction.

But while federal policymakers are empowered to combat foreign technology threats, they have yet to effectively wield that authority. Leaders need to apply political pressure to reinvigorate supply chain security programs. Congress must provide the Commerce Department with the resources to implement its new authorities, increase funding for “rip and replace programs,” and require policymakers to publish a master list of current and future federal bans. State and local agencies should align their own procurement practices with the federal blacklist.

Building a more unified defense against foreign technology threats will secure American networks and bolster the U.S. tech economy. Policymakers have all the right tools at their disposal—it’s time they start using them.