The Vermont state government is taking steps to ban products made by Chinese and Russian tech firms that could leave them vulnerable to security loopholes.
John Quinn III, secretary of the Vermont IT department known as Agency of Digital Services (ADS), published a Feb. 19 directive for all state executive branch agencies, departments, offices, and vendors to stop using products made by Chinese tech firms Huawei, ZTE, Hikvision, Hytera, and Dahua, as well as Russia-based cybersecurity firm Kaspersky.
“The intent is to make sure that this type of equipment can’t be used against us to steal information or be the front for a cyber-attack against us,” Quinn told the Burlington Free Press on Feb. 20.
The state will no longer be allowed to purchase products from those companies, while those currently using such products must report their existence to ADS within 30 days, and remove them within 90 days.
Huawei is one of the world’s largest manufacturers of telecoms equipment and consumer electronics. Western governments have in recent months alleged that its equipment can contain backdoors that enable unauthorized surveillance by the Chinese regime.
Huawei’s chief domestic competitor ZTE has also been scrutinized over its close ties to the Chinese regime. Last year, ZTE faced a U.S. import ban after it was found to have breached agreements related to its violations of U.S. sanctions on Iran and North Korea.
Meanwhile, China’s Hytera Communications, one of the world’s largest manufacturers of radio transceivers, was banned in January from importing its products into the United States due to its infringement of Motorola Solutions’ U.S. patents, according to the U.S. International Trade Commission.
And Hangzhou Hikvision Digital Technology, a manufacturer of video surveillance products, is a key supplier to the Chinese regime’s mass surveillance system that monitors and tracks citizens in real time via artificial intelligence technology, including in the Xinjiang region where Uyghur Muslims are heavily persecuted. Since 2016, several British media, quoting former MI6 officers and security ministers, have reported security concerns about using Hikvision products in U.K.
Hikvision’s competitor, Dahua Technology, has also shown a tendency for security vulnerabilities.
Motherboard reported in Sept. 2016 that about 1.5 million Dahua internet-connected security cameras were infected with malware and turned into a botnet. Using their internet connections, hackers maneuvered the cameras to visit KrebsOnSecurity.com, a cybersecurity website operated by American journalist Brian Krebs, and created a distributed denial of service (DDoS) attack that crippled the site within two days.
Kaspersky-branded products, including an anti-virus software and information security systems, have also been banned. The Vermont ADS warned that the Moscow-based company’s products have backdoors that could be exploited by Russian intelligence agencies.
“I do think it’s a smart move,” Michael Hamilton, founder of Washington State-based cyber security company CI Security, told Burlington Free Press.
Back in August 2018, U.S. President Donald Trump signed into law the John S. McCain National Defense Authorization Act, which banned the federal government from purchasing any products from Huawei and ZTE.