In the letter, the Members state, “Given the role of the Department of Homeland Security (DHS), and specifically CISA’s role as the ISA on the FASC, we urge you to consider exploring the CCP’s use of source code, including where it is located, how it is updated, and who has access to it, to infiltrate and maintain access to federal civilian and critical infrastructure ICT supply chains.”

The Members continue, “The 2023 Annual Threat Assessment of the U.S. Intelligence Community (IC) states, “Globally, foreign states’ malicious use of digital information and communication technologies will become more pervasive, automated, targeted, and complex during the next few years.”  This assessment by the IC makes clear the threat. To combat it, we must ensure companies who wish to do business with the United States Government and critical infrastructure take action to ensure their products are not compromised as a result of business dealings in China that may require sharing or review of source code by the CCP.”

The Members conclude, “Article 7 of the People’s Republic of China’s National Intelligence Law, as amended in 2018, states, “all organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.”  Under this law, Chinese companies and companies who do business in China, such as ByteDance, and therefore TikTok America, are required to hand all data in its possession to the Chinese government if asked, including source code. TikTok is just one example—the pervasiveness of this issue spreads far and wide within the ICT supply chain and has the potential to increase systemic risk across critical infrastructure sectors.”

Read the full letter here.

Original source can be found here