Chinese-made cameras infiltrating U.S. critical infrastructure pose a direct espionage threat, bypassing bans and handing Beijing backdoor access to our energy grids and chemical plants.
Story Highlights
- DHS warns 12,000 unencrypted Chinese cameras deployed at critical sites like energy and chemicals, up 40% despite 2022 FCC import ban.
- Cameras default to China servers without encryption, enabling state-sponsored hackers to steal data, suppress alarms, and sabotage safety systems.
- March 2024 incident: Oil and gas firm cameras linked to PRC actor servers, confirming real-world exploitation.
- White-labeling evades bans; FBI notes HiatusRAT malware targeting these devices since 2020, now hitting U.S. defense.
- President Trump’s America First policies must prioritize purging Chinese tech to protect national security and infrastructure sovereignty.
DHS Exposes Chinese Camera Espionage Threat
The Department of Homeland Security issued a bulletin detailing risks from Chinese-made internet-connected cameras at U.S. critical infrastructure. These devices lack encryption and default to communicating with manufacturers in China. State-sponsored actors exploit this for initial network access. Cybersecurity and Infrastructure Security Agency urges detection tools to identify white-labeled versions evading regulations. Early 2024 data shows 12,000 cameras across hundreds of energy and chemical entities.
FCC Ban Bypassed Through White-Labeling Tactics
Federal Communications Commission banned Chinese camera imports in 2022 to counter national security risks. Deployments grew 40% from 2023 to early 2024 via white-labeling, where third parties repackage devices. This loophole sustains influx despite prohibitions. Cameras serve as entry points for cyber actors to pivot into IT networks, exfiltrate sensitive data, and disrupt operations. U.S. firms in vital sectors remain exposed to foreign manipulation.
Real-World Exploitation Confirmed in Oil and Gas
Office of the Director of National Intelligence reported March 2024 communications from cameras at a U.S. oil and gas firm to China-based servers. One server linked directly to a People’s Republic of China state-sponsored actor. Vulnerabilities date to at least 2020, with extensive targeting by hackers. FBI’s December notification highlighted HiatusRAT malware evolution from edge devices to U.S. defense servers. These incidents underscore ongoing PRC aggression against American assets.
Broader PRC Cyber Campaign Targets Infrastructure
Salt Typhoon operations hacked telecom giants like Verizon, AT&T, and Lumen for wiretap access, stealing data from millions. Chinese cameras fit this pattern of supply chain infiltration, mirroring TikTok and DeepSeek AI data pipelines to Beijing. Short-term risks include alarm suppression and sabotage; long-term effects erode IoT trust and invite disruptions. Hundreds of critical entities face immediate vulnerabilities without swift remediation.
Path Forward Under Trump Administration
DHS and CISA disseminate tools to enforce bans and purge suspect devices. Infrastructure operators must prioritize vendor compliance and network segmentation. President Trump’s second term offers momentum to strengthen supply chain security, limit Chinese tech dominance, and safeguard American sovereignty. Past Biden-era laxity allowed growth; robust enforcement now protects jobs, safety, and constitutional liberties from foreign overreach. Limited post-2024 updates highlight need for ongoing vigilance.
Sources:
Internet-connected cameras made in China may be used to spy on US infrastructure: DHS
DHS warns Chinese-made internet cameras pose espionage threat to US critical infrastructure
China Penetrated US Telecom Providers to Snoop on Wiretapping Systems
