State and local govs keep using Chinese telecom products despite federal ban, report finds

A Georgetown University think tank found many state and local agencies have bought devices made by Chinese firms banned from federal sales.
Chinese flag
The Chinese flag flies near the China World Trade Center Tower 3 in Beijing on Nov. 29, 2021. (Greg Baker / AFP / Getty Images)

Nearly 1,700 state and local government agencies and education institutions have since 2015 purchased telecommunications products manufactured by Chinese firms banned from doing business with the federal government, according to research published Wednesday by a Georgetown University think tank.

According to the report, from Georgetown’s Center for Security and Emergency Technology, 1,681 state and local governments nationwide spent about $45 million on equipment made by five firms — Huawei, ZTE, Hikvision, Dahua and Hytera — even as the U.S. has since 2018 banned federal agencies from doing so, citing those companies’ potential as conduits for espionage.

But the Federal Communications Commission’s “Covered List” — which was expanded earlier this year to include the Russian cybersecurity firm Kaspersky — does not apply to state and local entities. The Georgetown researchers found that state, local and educational organizations have continued to buy the otherwise-barred equipment, including smartphones and networking devices, because it’s often cheaper than competing, non-Chinese products.

The report’s authors wrote that security risks surrounding companies on the blacklist should outweigh any cost savings.


“Each piece of covered equipment represents a potential entry point into users’ networks, regardless of its cost,” the report reads. “The fact that untrustworthy technology was integrated into the networks of nearly 1,700 state and local government entities is far more relevant to national security than the total transaction value.”

In total, CSET researchers collected procurement information from 938 public schools, 482 local agencies, 161 public universities and 49 state governments, plus smaller numbers of public utilities, health agencies, transit systems and judiciaries.

Nearly 1,500 of the organizations studied made fewer than five purchases over the years, though some orders stood out. A midsize public university in Michigan spent $15.1 million on Huawei networking equipment, while two school districts in Arkansas each spent about $1 million on surveillance systems made by Hikivision.

The overall number of transactions with the banned companies has declined since the Covered List went into effect, dropping from nearly 1,200 in 2018 to slightly more than 600 last year. Still, few states have crafted policies mimicking the federal approach.

Just five — Florida, Georgia, Louisiana, Texas and Vermont — have adopted laws or executive orders restricting the Chinese companies. But even with those policies, CSET’s researchers found loopholes. A Texas law adopted last year bans direct purchases from the banned manufacturers, but allows agencies to buy them from third-party distributors, noting a Texas school district that spent $550,000 on two-way radios made by Hytera.


“If the goal of a procurement ban is to keep compromised equipment and services out of government networks, it must target the product, not the seller,” the report reads.

The authors recommend that the Commerce Department use authority created by the Secure Technology Act, a 2018 federal law aimed at reducing supply-chain risks, to ban the listed companies from the entire U.S. market. The report also recommended the federal government support “rip-and-replace” programs to swap out prohibited devices for alternatives made by more trusted manufacturers.

Axios reported earlier this month that the FCC plans to ban all new U.S. sales of certain products made by Huawei, ZTE and the other listed companies.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts