VA looks to rid supply chain of banned Chinese equipment
The Department of Veterans Affairs is taking a second look for any blacklisted Chinese equipment still lurking on its networks after lawmakers expressed concern Wednesday that the department may still be linked to companies banned by the U.S. government.
The VA responded to congressional questions last week that were requested in November on any equipment it may be using from banned Chinese companies, like Huawei, ZTE and others that the U.S. has asserted pose a security risk, like Lenovo and Hytera.
Huawei, ZTE and their subsidiaries were blocked from use by federal agencies last August in Section 889 of the 2019 National Defense Authorization Act. U.S. officials believe these companies have backdoor access to the information flowing on their networks that poses a national security risk to the federal government.
That audit — described by the House Committee on Veterans’ Affairs as a simple search of the Federal Procurement Data System — turned up one active contract with a Huawei serial number, three with Hytera and more than 100 with Lenovo that the department said are no longer active.
Rep. Jim Banks, R-Ind., called the VA’s search methodology flawed. The worry is that deeper in the supply chain or even deeper in the contracts themselves, VA and its contractors could use equipment or systems from the banned Chinese companies. Federal agencies will be forbidden from working with vendors that use the banned equipment starting Aug. 13.
“The VA’s answer gives me absolutely no confidence,” Banks said at the hearing on data privacy in the VA. “I don’t believe anyone in the department actually knows what is really going on.”
VA CISO Paul Cunningham said he “stands behind” the response, which did not include a detailed accounting of the department’s or its contractor’s IT equipment. “We were answering the question that you asked,” he said.
“I think it is something we can get to and we will take appropriate action to do so,” Cunningham told FedScoop after the hearing.
Cunningham said he is confident the VA will comply with the law by the mid-August deadline. “It will take some time to go through our contracts,” he said.
