Record ZTE fine spotlights weak links in supply chain
- By Mark Rockwell
- Apr 11, 2017
A case that saw a Chinese telecommunications firm plead guilty and agree to pay a record billion-dollar fine for violating U.S. sanctions on selling network gear to Iran is a landmark for supply chain security, said William Evanina, national counterintelligence executive in the Office of the Director of National Intelligence.
In March ZTE (the combined name for two large Chinese state-owned enterprises), agreed to a record-high combined civil and criminal penalty of $1.19 billion for shipping telecommunications equipment to Iran and North Korea.
Between 2010 and 2016, ZTE sold U.S.-made equipment and software to Iran for telecommunications infrastructure, according to the Commerce Department, which set the record settlement along with the Justice and Treasury Departments.
In addition, according to the Commerce Department statement, the company logged 283 shipments of controlled routers, microprocessors, and servers to North Korea despite knowing the sales and shipments violated U.S. sanctions.
In remarks at the April 10 Intelligence and National Security Alliance conference, Evanina said the case hasn't received the attention it deserves as a cautionary tale for supply chain vulnerability and economic espionage.
"Adversaries are more brazen than ever and less afraid" to probe the United States' critical infrastructure and the technology supply chain, he said.
More high-profile headlines on leaks of intelligence data or insider threat stories tends to cloud some of the more significant news, according to Evanina.
Secretary of Commerce Wilbur L. Ross Jr. said in a statement at the time of the settlement that the new administration "will be aggressively enforcing strong trade policies with the dual purpose of protecting American national security and protecting American workers. "
The technology involved in the case, particularly the equipment sold to North Korea, is "bound to be used against us," Evanina said in his remarks. The case points to the increasing importance of the acquisition community's awareness of cybersecurity.
The Commerce Department said that investigations showed ZTE planned to export controlled items to Iran through a series of shell companies to get around U.S. sanctions. The agency also said the company formed a 13-member team in early 2016 to wipe its records clean of the transactions' traces.
The case, said Evanina, shows how insidious economic espionage and insider threats can work their way into acquisition, leveraging contractors and subcontractors.
The solution to countering the threat, he said, is a "true public/private partnership" between the federal government and companies developing and selling advanced technology.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.