This hearing will examine the imminent threat posed to America’s small businesses by the Chinese telecommunications firm ZTE... The hearing will also investigate ongoing efforts being made by both the public and private sectors to reduce the challenges small businesses face in dealing with illicit Chinese backed enterprises.
Here are portions of the written statements provided by the witnesses:
As someone who spent the first part of my career roaming these halls as a House staffer, it’s wonderful to be back home among friends – particularly before a Committee that is taking a sobering, bipartisan look at one of America’s greatest long-term national security threats: the threat posed by Zhongxing Telecommunications Equipment Corporation (ZTE) and Huawei to our telecommunications infrastructure.
I will start with a story to which I imagine many of you will easily relate. My former boss, House Intelligence Committee Chairman Mike Rogers, first became interested in the activities of ZTE and Huawei not because he was a former U.S. Army officer or Federal Bureau of Investigation (FBI) special agent. Initially, his interest did not even stem from his position on the Intelligence Committee, but because a Michigan company approached him with a problem.
As each of you would do, he listened to that small business owner carefully. As it turned out, Chinese telecommunications companies –ZTE and Huawei – were bidding to build cellular telephone towers in the most rural parts of Michigan, far from population centers like Detroit. This small business owner was happy to compete but said the Chinese telecoms were coming in not just under his price, but under what the materials would cost to build the towers.
That got a former FBI agent thinking: why on earth would they be doing that? More on this later.
Mr. David Linger, President & CEO, TechSolve, Inc. (Statement)
To Tony Strobl, President of Cincinnati Crane & Hoist, these cyber-attacks are war on his company and his employees. Cincinnati Crane is a very small, 20-person company, based in Southwest Ohio, that supplies turn-key crane systems, parts, and services, through hard work, innovation, and quality craftsmanship, at competitive prices to a global market. Cincinnati Crane is a veteran-owned business that has seen domestic growth of more than 400% in the last three years and was awarded the U.S. Department of Commerce Export Achievement Award in 2017. Earlier this year, Tony’s company was the victim of social engineering, or more specifically a spear phishing campaign that contained malicious macros that breached their email system; went undetected for an uncertain amount of time; embedded hidden folders within Office365® ; “spoofed” legitimate invoices that were being emailed to Cincinnati Cranes’ customers; replaced those invoices with bogus invoices providing illegitimate banking information that ultimately syphoned over $200,000 from his customers. When the Cincinnati Crane invoices had aged 30 days and collection calls were made, customer after customer told Cincinnati Crane that they had already paid their invoices.
The $200,000 that was stolen from Cincinnati Crane is unrecoverable according to the FBI. Due to Cincinnati Crane’s current financial standing, Tony had to make the devastating decision to lay off four of his employees - 20% of his company. Not only has this cyber war devastated the lives of those four families; but it has also severely hampered Tony’s capability to complete customer orders, grow, and innovate. This cyber-attack has also resulted in a devastating fluctuation in customer trust. Cincinnati Crane’s customers are afraid to conduct business with Tony. Not only are they concerned about sensitive drawings and corporate data that they have shared with Tony’s project managers; but they are also afraid to open email correspondence from Cincinnati Crane or make payments to him electronically. Even though TechSolve, and its IT sub-contractors, have scrubbed their systems and are working on long-term cybersecurity policies and procedures through remediation and adaptation of the NIST SP 800-171 cybersecurity controls, the effects of these cyberattacks continue to devastate his company and threaten its long-term viability.
Mr. Matthew G. Olsen, President, IronNet Cybersecurity (Statement)
In addition, attacks in the last few months reportedly originating from China have also targeted US satellite and geospatial imaging firms, and an array of telecommunication companies. Thus, while Chinese hacking decreased after the 2015 agreement, cyber security analysts report, according to observers, that China's nation state hackers have retooled to be more stealthy and effective in their digital espionage operations, and recent attacks indicate that China is optimizing their plans to obtain valuable information.
Importantly, the intelligence community has found that most of the “detected Chinese cyber operations against US private industry are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide.” This finding, of course, is directly relevant to the Committee’s assessment of the risk posed by ZTE and other Chinese-backed firms. […]
Similarly, in April the Defense Department determined that ZTE posed an “unacceptable risk” and banned sales of ZTE cellphones on military bases. The same month, officials in the United Kingdom cautioned that using ZTE equipment was so problematic that national security concerns “cannot be mitigated.”
For its part, ZTE has proven to be a particularly bad actor, flouting U.S. export control laws and deceiving regulators. In 2016, the U.S. government found that ZTE violated U.S. sanctions against Iran and North Korea, by using various U.S. components in systems it sold to those two countries. When the Commerce Department released its findings against ZTE in 2016, it disclosed evidence of the company’s guilt. One document, signed by several senior ZTE executives, reportedly cautioned that American export laws were a risk because the company was selling to “all five major embargoed countries — Iran, Sudan, North Korea, Syria and Cuba.” A second company document featured details on best practices to circumvent American sanctions. […]
Finally, earlier this month, the Commerce Secretary intervened and announced a deal to lift the sanctions against ZTE. The company agreed to pay a $1 billion fine and fund a new inhouse compliance team staffed by U.S. experts. This latest agreement, however, has drawn bipartisan criticism in Congress. Last week, the Senate voted to reinstate the penalties on ZTE. And a bipartisan group of Senators released the following statement: “We’re heartened that both parties made it clear that protecting American jobs and national security must come first when making deals with countries like China, which has a history of having little regard for either. It is vital that our colleagues in the House keep this bipartisan provision in the bill as it heads towards a conference.”
Tues. @whartonknows on @BizRadio111 (11A ET):— Knowledge@Wharton (@whartonknows) May 15, 2018
We look at the shift by Pres. Trump on #ZTE. Will their sanctions be lifted? And why now? @PennLaw's Jacque DeLisle, @rdasher8 and @ProfMattGold of @FordhamLawNYC discuss... pic.twitter.com/R485B5Dih7
ZTE is a threat to American #SmallBiz, to our national security, and to millions of entrepreneurs chasing their American Dream. We've got an expert panel of #NatSec experts on deck to testify today. Tune in at 11 here: https://t.co/xTfWmdoXvE— House Committee on Small Business (@HouseSmallBiz) June 27, 2018
Today’s appointment is the continuation of the unprecedented measures imposed on ZTE by the Department of Commerce. After a rigorous search by @BISgov, I am confident in Mr. Howard and his experience in compliance having tried more than 100 cases as a federal prosecutor. https://t.co/yyiZ6zw4Q1— Sec. Wilbur Ross (@SecretaryRoss) August 24, 2018
U.S. senators seek punishment if China's ZTE violates deal https://t.co/ThFmO7K9vo pic.twitter.com/6WAopIDHyL— Reuters Top News (@Reuters) September 19, 2018
No comments:
Post a Comment