DNI’s 2024 Annual Threat Assessment rates China as “most active and persistent threat” to U.S. government
WASHINGTON – U.S. Senator Tommy Tuberville (R-AL) joined U.S. Senator Ted Budd (R-NC) in requesting information from the Pentagon about how many of its employees have used their government devices to access DeepSeek, a Chinese AI application. In a letter to Acting Chief Information Officer at the Department of Defense (DOD), Leslie A. Beavers, the senators also pressed for information surrounding potential cyber threats from the use of DeepSeek, and what practices are being implemented to prevent future cyber security risks.
“We write to express our concern that Department of Defense (DOD) employees accessed the Chinese artificial intelligence application DeepSeek on their work devices and, as a result, Chinese servers,” wrote the senators.
“It is also our understanding, based on the DoD’s Use of Mobile Applications 2023 report, that misuse of mobile applications on DoD personnel devices may not be simply a series of isolated incidents. While our immediate concern is to understand the impact of DoD employees’ access to DeepSeek on national security, we are also interested in understanding the DoD’s policy regarding mobile device applications to the end of ensuring we are diminishing cybersecurity risks associated with certain platforms,” they continued.
Joining U.S. Senators Tuberville and Budd in sending the letter are U.S. Senators Eric Schmitt (R-MO) and Mark Kelly (D-AZ).
Read full text of the letter below or here.
“Dear Ms. Beavers,
We write to express our concern that Department of Defense (DOD) employees accessed the Chinese artificial intelligence application DeepSeek on their work devices and, as a result, Chinese servers.
We understand that the National Security Council (NSC) is currently reviewing the national security implications of DeepSeek and expect this will be an ongoing conversation between Congress, the NSC, and relevant agencies. However, in the immediate term, we request that the Department provide information regarding potential impacts to the Defense Information Systems Network (DISN) and the Department of Defense Information Network (DODIN) of the recent incident.
The office of the Director of National Intelligence’s 2024 Annual Threat Assessment states that “China remains the most active and persistent cyber threat to the U.S. Government, private-sector and critical infrastructure networks”. This is evidenced by the recent Salt Typhoon Hack, a breach of at least eight U.S. telecommunications providers, among many other reports of cyberattacks originating from China.
It is also our understanding, based on the DoD’s Use of Mobile Applications 2023 report, that misuse of mobile applications on DoD personnel devices may not be simply a series of isolated incidents. While our immediate concern is to understand the impact of DoD employees’ access to DeepSeek on national security, we are also interested in understanding the DoD’s policy regarding mobile device applications to the end of ensuring we are diminishing cybersecurity risks associated with certain platforms.
Therefore, we request answers to the following questions by no later than March 4, 2025.
- How many Department employees connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application?
- Has the DeepSeek app now been deleted from all DoD devices? If not, what steps will you take to ensure the DeepSeek app is removed from all DoD devices?
- What steps have been made to limit access on DoD devices to only those applications with a justified and approved need?
- What is the Defense Information Systems Agency’s (DISA’s) initial assessment about whether Chinese servers were able to access and exfiltrate sensitive information due to Department personnel use of DeepSeek?
- How has the use of the DeepSeek app by Department personnel impacted the operational and cybersecurity risks to the DISN as well as the DODIN?
- What guidance or training has DISA shared with Department employees regarding accessing Chinese AI app DeepSeek or any other Chinese-affiliated app?
- We understand that the Navy issued guidance against using open-source AI systems for official work. What guidance (if any) are the other services and/or the Department issuing to employees?
- What is DISA’s process for assessing which networks, websites and or applications have a connection to the People’s Republic of China and what are DISA’s standard operating procedures when made aware of such a connection?
- What action (if any) has been taken regarding the DoD employees who connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application?
- Have all of the recommendations from Management Advisory: The DoD’s Use of Mobile Applications (Report No. DODIG-2023-041) been implemented? If not, why not?
Thank you for your consideration and we look forward to hearing from you and working with the Department of Defense to keep our networks safe from persistent cyber threats.
Sincerely,”
Senator Tommy Tuberville represents Alabama in the United States Senate and is a member of the Senate Armed Services, Agriculture, Veterans’ Affairs, HELP, and Aging Committees.
###
