The United States Government’s General Services Administration (GSA) supposedly used “egregiously flawed” and “misleading” market research to justify the procurement of Chinese electronics that did not comply with the US’ trade standards.
The revelation comes from a whistleblower within the GSA. Their report highlights the importance of accurate data and data science literacy within the procurement function—whether public or private sector.
The GSA’s Office of the Inspector General was reportedly contacted by a GSA employee in 2022. The employee reached out to highlight the fact that the agency had purchased 150 Chinese-manufactured video conference cameras.
The cameras, manufactured in China, were not compliant with the Trade Agreements Act of 1979 (TAA). According to the Office of the Inspector General, the GSA’s Office of Digital Infrastructure Technologies “misled a contracting officer with egregiously flawed information”.
The contracting officer in question “requested information from GSA IDT to justify its request for the TAA-noncompliant cameras, including the existence of TAA-compliant alternatives and the reason for needing this specific brand. In response, GSA IDT provided misleading market research in support of the TAA-noncompliant cameras and failed to disclose that comparable TAA-compliant alternatives were available.”
The cameras purchased by the US government were also a make and model with “known security vulnerabilities that need to be addressed with a software update.” However, the report found that the cameras had not received the update and remained susceptible to interference. Allegedly, the cameras can be remotely accessed, an exploit which allows them to be turned into “rogue wireless network gateways”. Hackers can then exploit these gateways to secretly infiltrate the camera owners’ networks.
The misstep calls into question whether other areas of US government procurement are sourcing unsafe technology.
Public procurement presents a critical weak point
Public procurement—being lumbered with long, opaque, and potentially vulnerable source-to-pay supply chains—is a particularly glaring weak point in governmental institutions.
This threat is not merely present in the US government’s procurement process, however. In the UK, a post on the Crown Commercial Services website asserts that “With cyber criminals targeting supply chains … procurement can be an increasing concern for the public sector. For example, the NHS has an extremely complex supply chain and relies on a large range of suppliers. These companies are critical to maintaining our health service, however, with criminals often targeting the weakest link within supply chains, they also pose significant risk.”