ICYMI…

“Embedded Threats: Foreign Ownership, Hidden Hardware, and Licensing Failures in America’s Transportation Systems”

House Judiciary Subcommittee on Oversight

January 21, 2026 (recording linked here)

HEARING INFORMATION

Witnesses and Written Testimony (Linked):

• Chris Spear, President and CEO, American Trucking Associations

• Rocky Cole, former intelligence analyst at the National Security Agency, co-founder of iVerify; Commentator, Fox News

• Emily de La Bruyère, Senior Fellow, Foundation for Defense of Democracies

• Robert Knake, Former Deputy National Cyber Director for Management and Budget, Office of the National Cyber Director

HEARING HIGHLIGHTS

IN THEIR WORDS

SUMMARY OF OPENING STATEMENTS

• Chair Van Drew framed the hearing as an examination of control over America’s transportation systems and the consequences of ceding that control to foreign entities. He emphasized that electronic toll systems and other transportation technologies generated detailed data on Americans that was increasingly stored or managed by foreign-controlled companies. He highlighted New Jersey’s use of a foreign-operated toll system despite a lower domestic bid, arguing that this choice increased costs while reducing accountability and security. He further warned that U.S. infrastructure relied heavily on Chinese-manufactured components, including cameras and sensors that lacked adequate cybersecurity protections. Chair Van Drew also criticized federal and state policies that allowed commercial driver licenses to be issued to individuals lacking English proficiency, citing fatal crashes as evidence of the resulting safety risks. He concluded that American roads, data, and safety standards must remain under American control to protect public safety.

• Ranking Member Crockett thanked the witnesses and characterized the hearing as a serious national security discussion on foreign threats to transportation infrastructure. She warned that foreign-manufactured systems embedded in highways and transportation networks had been found to contain spyware capable of collecting data, hacking government systems, or causing outages. She argued that cyber espionage and supply chain infiltration posed major risks to critical infrastructure nationwide. She sharply criticized the Trump administration for dismantling federal cybersecurity institutions, including the Cybersecurity and Infrastructure Security Agency and other interagency coordination bodies. She emphasized that public–private partnerships were essential for cybersecurity but noted that Congress had failed to reauthorize key information-sharing laws. Ranking Member Crockett concluded that the greatest threat to national security was not foreign investment or immigration, but the erosion of cybersecurity capacity at the highest levels of government.

• Ranking Member Raskin agreed that foreign cyber threats to transportation infrastructure warranted serious oversight and commended the chairman for convening the hearing. He described China and Russia as malign actors engaged in cyber espionage and warned that increasingly complex transportation technologies expanded the attack surface for foreign infiltration. He argued, however, that the discussion could not be separated from what he viewed as the Trump administration’s systematic weakening of national security safeguards. He cited staffing cuts at cybersecurity agencies, the elimination of foreign influence task forces, and disruptions to military leadership as undermining infrastructure security. He further alleged that the administration’s foreign policy decisions had strengthened China’s global influence while weakening U.S. credibility. Ranking Member Raskin concluded that addressing technological vulnerabilities required acknowledging the broader political and institutional context affecting national security.

SUMMARY OF WITNESS STATEMENTS

• Ms. De La Bruyère testified that the Chinese Communist Party sought to control global resource markets, information flows, and supply chains in order to exert strategic dominance. She explained that transportation systems were central to China’s military-civil fusion strategy because they supported industrial activity, social stability, and military mobilization. She warned that modern transportation technologies increasingly relied on data, making every embedded component or software system a potential backdoor for espionage or disruption. She emphasized that Chinese firms dominated key technologies such as LIDAR, which were already embedded in U.S. airports, bridges, intersections, and vehicle systems. She argued that these components posed risks of data collection, market manipulation, and remote shutdowns at Beijing’s direction. She concluded that the United States must restrict federal incentives for systems using Chinese technology, tighten investment review rules, protect data sovereignty, and rebuild trusted domestic and allied supply chains.

• Mr. Cole testified that embedded threats in transportation systems should be understood as part of a broader adversarial cyber strategy targeting U.S. critical infrastructure. Drawing on his cybersecurity experience, he explained that Chinese and Russian cyber operations had shifted from intelligence collection toward pre-positioning for disruptive attacks. He warned that China had embedded sleeper software within infrastructure systems to enable sabotage during a future conflict. He described campaigns that targeted energy, water, transportation, telecommunications, toll systems, and commercial driver license databases. He argued that the United States lacked a unified defensive posture due to fragmented regulation and reliance on voluntary standards. He urged Congress to strengthen cyber authorities, mandate resilience requirements, impose liability on software manufacturers, and phase out Chinese hardware from sensitive systems.

• Mr. Spear testified that safety was foundational to the trucking industry and that the overwhelming majority of truck drivers met rigorous professional standards. He stated that years of lax enforcement had undermined the integrity of the commercial driver license system, exposing serious vulnerabilities in training and licensing. He explained that fraudulent CDL programs and improper state practices had allowed unqualified drivers onto the road, contributing to preventable tragedies. He praised recent federal actions to remove noncompliant training providers and emphasized that audits and oversight were essential to restoring accountability. He warned that noncompliant electronic logging devices posed safety and cybersecurity risks by enabling falsified records and potential foreign access to supply chain data. He also raised concerns about illegal cross-border freight practices and Department of Defense shipments being awarded to unvetted carriers.

• Mr. Knake testified that there was broad bipartisan agreement within the cybersecurity community on the seriousness of embedded threats to critical infrastructure. He emphasized that while several adversaries posed cyber risks, China presented a unique challenge due to its dominance in electronics manufacturing and global supply chains. He warned that China could disrupt U.S. access to critical goods, minerals, and components during a conflict. He argued that onshoring alone was insufficient and stressed the need to “trust but verify” all supply chains, including those involving U.S. companies and allies. He explained that transshipment and opaque sourcing allowed compromised components to enter trusted systems undetected. He concluded that the United States must ban untrusted technologies where necessary, subsidize replacements, and invest in verification capabilities to ensure system security.

SUMMARY OF KEY Q&A

• Rep. Onder asked why reliance on Chinese-manufactured electronic components embedded in U.S. transportation and power infrastructure posed a national security threat. Ms. De La Bruyère responded that such components enabled Chinese access to sensitive data, information manipulation, supply chain leverage, and the ability to disrupt or shut down systems.

  Rep. Onder asked whether most U.S. transportation and infrastructure sectors depended on foreign-manufactured electronics. Ms. De La Bruyère answered that nearly all sectors did, including EV charging, tolling, rail, ports, data centers, and grid infrastructure.

  Rep. Onder raised concerns about Chinese-made batteries and EV systems being remotely disabled. Mr. Cole stated that cybersecurity standards for EVs and related systems were largely nonexistent and could be exploited to block roads or disrupt mobility during a conflict.

• Rep. Johnson questioned whether weakening cybersecurity agencies undermined protections for transportation infrastructure. Mr. Cole responded that cutting cybersecurity capacity was harmful given escalating threats.

  Rep. Johnson asked whether the lack of a major transportation cyberattack meant the risk was overstated. Mr. Knake answered that adversaries had already conducted intelligence collection and pre-positioning, but had not yet activated disruptive attacks.

• Chair Van Drew asked how weakened enforcement of federal CDL and English proficiency requirements affected road safety. Mr. Spear responded that inconsistent enforcement allowed unqualified drivers to operate heavy trucks, directly undermining public safety.
  Chair Van Drew asked whether stronger enforcement could have prevented fatal crashes cited earlier. Mr. Spear answered that many of those crashes likely would not have occurred if federal standards had been enforced.

  Chair Van Drew asked whether Congress needed to act legislatively. Ms. De La Bruyère supported restricting federal incentives and procurement involving Chinese technology. Mr. Cole urged expanded cyber authorities, resilience funding, and data sovereignty legislation. Mr. Spear called for Congress to codify uniform English proficiency requirements for CDL holders. Mr. Knake emphasized closing regulatory gaps to enable comprehensive oversight of embedded cyber risks.

• Ranking Member Crockett challenged the emphasis on English proficiency and criticized the administration’s dismantling of cybersecurity advisory structures. Mr. Knake explained that DHS advisory committees enabled essential public–private coordination on cybersecurity.
  Ranking Member Crockett asked whether eliminating those committees weakened national resilience. Mr. Knake responded that collaboration mechanisms should have been expanded rather than eliminated.
  Ranking Member Crockett asked about risks posed by Chinese-manufactured port cranes and embedded communications technology. Mr. Knake answered that such systems enabled monitoring, control, and potential disruption, and should have their electronics replaced with trusted components.
  Ranking Member Crockett asked what solutions existed given cost and supply constraints. Mr. Knake stated that government investment was necessary to retrofit critical infrastructure where markets would not act.

• Rep. Gill asked whether prior federal guidance weakening CDL enforcement constituted a regulatory failure. Mr. Spear responded that the guidance cost lives by allowing unqualified drivers to operate heavy commercial vehicles.
  Rep. Gill asked how Congress could prevent unsafe trucking companies from reconstituting under new names. Mr. Spear answered that Congress should strengthen federal authority to clean carrier registries and enforce uniform interstate standards.

ADD TO THE NIMITZ NETWORK

Know someone else who would enjoy our updates? Feel free to forward them this email and have them subscribe here.