Navy Exchange Warned that Sales of Popular Computer Brand Are a Potential Security Threat

by Braxton Taylor

A leading brand of personal computers that is sold in Navy Exchange stores is coming under fire by a House panel focused on competition with China.

In a letter to the Navy Exchange Service Command released Thursday, House China Committee Chairman Mike Gallagher, R-Wis., called for “immediate action” to pull Lenovo products from stores. Gallagher pointed to past regulatory scrutiny of the company and argued the computers pose a cybersecurity risk because the largest single shareholder is a Chinese entity.

“The exchange should not be selling Lenovo products to U.S. service members, let alone incentivizing such purchases with tax-free, discounted prices,” Gallagher wrote in the letter to Navy Exchange Service Command CEO Robert Bianchi.

Read Next: Army Identifies Soldiers Killed When Their Transport Vehicle Flipped on Way to Alaska Training Site

“Doing so creates a major cybersecurity threat and undermines the U.S. Department of Defense’s 2023 Cyber Strategy, which commits to ‘foster[ing] a culture of cybersecurity and cyber awareness,'” Gallagher added.

An exchange spokesperson did not immediately respond to Military.com’s request for comment about the letter.

The letter is the latest example of lawmakers expressing concern over Chinese products in military exchanges. The House’s version of this year’s annual defense policy bill includes a provision to ban the sale of items manufactured, assembled or imported from China at commissaries or exchanges. A similar provision was included in last year’s defense bill, too, but did not become law.

Lenovo is the most popular PC brand in the world and the third most popular in the U.S., according to technology research firm Gartner.

The company’s largest shareholder is a Chinese investment firm called Legend Holdings Corp., which itself is under the umbrella of China’s national Chinese Academy of Sciences.

U.S. regulators have raised security concerns about Lenovo in the past.

In 2018, the Federal Trade Commission settled with Lenovo over allegations that it preloaded software on some laptops in order to deliver ads to consumers. The software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities,” the FTC said at the time.

As part of the settlement, Lenovo is required to get consumers’ affirmative consent before pre-installing any similar software and has to implement a comprehensive software security program for 20 years that is subject to third-party audits.

In addition to the FTC complaint, Gallagher also highlighted a 2018 report from a congressionally chartered panel called the U.S.-China Economic and Security Review Commission that alleged Lenovo “has been linked to Chinese state-led cyberespionage efforts.” Among the examples cited in the report was a 2015 decision by the Navy to replace servers on the Aegis Combat System after Lenovo acquired the server line from IBM.

“PRC espionage campaigns are highly sophisticated and could certainly target U.S. service members on their personal computer and IT devices,” Gallagher wrote. “We are concerned that these actors could gain access to service members’ sensitive personal information and exploit this access to compromise U.S. national security.”

He asked for his committee, which is officially called the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party, to be briefed on the Navy Exchange’s decision to sell Lenovo products by Oct. 20.

— Rebecca Kheel can be reached at rebecca.kheel@military.com. Follow her on X @reporterkheel.

Related: ‘Hundreds’ of Service Members Are Being Solicited by China for Insider Info, Air Force Says

Story Continues

Read the full article here

You may also like

Leave a Comment