Federal agencies warned of cyber-espionage coming from their landlords
U.S. law enforcement agencies may be putting themselves at risk of cyber-espionage because they are renting office space in foreign-owned buildings, according to a new report published Monday by the Government Accountability Office.
Twenty-six different FBI, Homeland Security, Secret Service and Drug Enforcement Agency offices across the country are based in buildings owned by foreign firms, the report notes. Twenty-two of the 26 offices are owned by entities licensed in non-NATO countries, including China, Israel, South Korea and Japan.
The U.S. Committee on Foreign Investment and the tenant agencies, in consultation with the GAO, have concluded that: “leasing space in foreign-owned buildings could present security risks such as espionage and unauthorized cyber and physical access.”
One-third of all “high-security leases” for agencies are in buildings where ownership information could not be ascertained by investigators.
The General Services Administration, which itself overseas leasing for many federal agencies, is renting space in 20 buildings from foreign owners.
Sen. Tammy Duckworth, D-Ill., Rep. Elijah Cummings, D-Md., and Rep. Jason Chaffetz, R-Utah, have each separately called for a GAO review.
“Our security professionals should know who owns the piping in the buildings that they occupy,” Chaffetz told CNN. “It’s an eye opener.”
An unnamed DHS foreign investment official told the GAO that “threat actors could coerce owners into collecting intelligence about the personnel and activities of the facilities when maintaining the property.”
According to the report, 9 of 14 agencies contacted by the GAO were unaware their offices were owned by foreign firms.
“Because owning property can provide access to the buildings and building systems, foreign ownership of government-leased space can pose security risks particularly regarding cybersecurity,” the report reads. “
FBI officials cited in the GAO report said that they were not concerned with building ownership being involved in any physical or cyber threat aimed at their offices.