China is everywhere—operations targeting American politicians and theft of commercial information from American companies are just two deeply established (and frankly, successful) lines of effort. While American leaders are thankfully working to close these security gaps, they are still paying inadequate attention to a major vulnerability at the state level: U.S. state governments have purchased millions of dollars' worth of technology manufactured by companies beholden to Beijing.
That the Chinese Communist Party (CCP) is actively penetrating state government systems isn't new information. Last year, cybersecurity firm Mandiant reported that Chinese hacking groups working at the CCP's direction had hacked six state government computer networks. Mandiant noted that the intruders were able to conduct this cyber breach by exploiting, in the words of the Associated Press, "a previously unknown vulnerability in an off-the-shelf commercial web application used by 18 states for animal health management." Cybersecurity expert Joseph Steinberg commented on the incident: "If we know that six states were breached by Chinese spies, it means we know 44 states probably have Chinese spies operating on their network that we don't know about."
