The Pentagon’s Joint Staff recently warned against using equipment made by China’s Lenovo computer manufacturer amid concerns about cyber spying against Pentagon networks, according to defense officials.
A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report. The “supply chain” is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.
The J-2 report was sent Sept. 28, and also contained a warning that Lenovo was seeking to purchase American information technology companies in a bid to gain access to classified Pentagon and military information networks.
The report warned that use of Lenovo products could facilitate cyber intelligence-gathering against both classified and unclassified—but still sensitive—U.S. military networks.
One official said Lenovo equipment in the past was detected “beaconing”—covertly communicating with remote users in the course of cyber intelligence-gathering.
“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” the official said.
About 27 percent of Lenovo Group Ltd. is owned by the Chinese Academy of Science, a government research institute. In April, a Chinese Academy of Sciences space imagery expert, Zhou Zhixin, was named to a senior post in the Chinese military’s new Strategic Support Force, a unit in charge of space, cyber, and electronic warfare.
China has been linked by the National Security Agency to large-scale cyber spying against both the Pentagon and American and foreign defense contractors.
Lenovo spokesman Ray Gorman said he was unaware of the Joint Staff concerns.
A Pentagon spokesman said the Defense Department has not imposed a “blanket ban” on all Lenovo products and does not blacklist suppliers or individual products.