The rapid proliferation of Internet-connected “smart” devices in US homes and infrastructure has raised concerns about the security of households and national interests.
Lawmakers are now calling for enhanced security standards to counter the escalating threats posed by cybercriminals and hostile governments.
Recent events, including ransomware attacks on the Colonial Pipeline and JBS in 2021, as well as federal warnings about foreign attacks on the US power grid, have fueled public fears about cybersecurity. Moreover, instances of hackers exploiting devices like Ring cameras to spy on individuals, particularly children, have amplified these concerns.
Rep. Mike Gallagher, Chairman of the House Select Committee on China, is part of a growing contingent of policymakers focusing on the “Internet of Things” (IoT), encompassing non-computer devices with internet connectivity. These IoT devices include smart TVs, wearable fitness trackers, doorbell cameras, thermostats, and control systems for factories and power plants. Of particular concern is the widespread use of Chinese-made cellular modules that enable these devices to connect to the internet.
Lawmakers argue that if China were to gain widespread control of these modules, it could steal sensitive US data or disrupt critical infrastructure remotely. This could potentially involve causing power brownouts by manipulating AC units en masse or taking control of self-driving vehicles and medical devices, as former Vice President Dick Cheney once warned.
In a statement to The Post, Rep. Gallagher highlighted the security risks associated with Chinese-made modules, stating that they could create a backdoor for malign Chinese government actors to compromise devices critical to American infrastructure and safety.
Chinese made
Rep. Gallagher and Rep. Raja Krishnamoorthi have urged FCC Chairwoman Jessica Rosenworcel to investigate the use of Chinese-made cellular modules. They point out that the Chinese Communist Party has significantly supported this industry and identified Quectel and Fibocom as major producers of modules widely used in various US products, including smart cities, drones, and first responder body cameras.
Rosenworcel has requested that the Justice Department, FBI, and other federal agencies assess whether components from Quectel and Fibocom pose a national security threat.
Quectel has defended its products, stating that its IoT modules do not pose security or privacy risks, emphasizing its engagement with regulators and agencies to address concerns. Meanwhile, Fibocom has yet to respond to these inquiries.
FCC Commissioner Nathan Simington, a Republican, emphasizes the gravity of state-sponsored attacks on key infrastructure, advocating for ongoing engagement between at-risk companies or operators and regulators. Simington supports the FCC’s initiative to introduce a “US Cyber Trust Mark” label for smart devices adhering to widely accepted cybersecurity standards, with regular software updates post-release.
Simington believes that such a label, set to debut next year, represents the first step toward ensuring the security of smart devices for consumers. He emphasizes the importance of meeting consumer expectations for secure devices and preventing potential cybersecurity threats, underscoring the need for accountability and regulation in this rapidly expanding field of technology.