Air Force Memo Targets Lenovo for Supply Chain Risk

It was reported earlier this week that Chinese-owned Lenovo ‘‘‘ which has acquired IBM‘s personal computer and server businesses in recent years ‘‘‘ has been targeted by an Air Force memo that read as follows:

For immediate implementation: Per AF Cyber Command direction, Lenovo products are being removed from the Approved Products List and should not be purchased for DoD use. Lenovo products currently in use will be removed from the network.”

The Pentagon‘s press office quickly distanced itself from the memo, indicating that it was “not properly coordinated‘ and that the neither the Air Force nor the rest of the Defense Department was implementing that policy.

Certain Members of Congress chimed in on the reports of this ‘‘‘walked back‘ memo, exhorting the Pentagon to pursue a more aggressive policy to mitigate the risks associated with Lenovo and other Chinese-owned companies playing a supplier role to the Defense Department or its industrial base.  Multiple pieces of legislation on this topic are currently progressing through Congress.

Lenovo is controlled by Legend Holdings, which, itself, is partially owned by the Chinese Academy of Sciences.  IntelTrak provides the global footprint of Lenovo as well as its controlling shareholders.  This is just the latest example of Chinese SOEs running into accusations of cyber espionage-related risk.