.png)
Washington, D.C. — In a closed-door session on Wednesday, representatives from Arcadis, the American Water Works Association (AWWA), and the Cybersecurity and Infrastructure Security Agency (CISA) met privately with members of the House Select Committee on the Chinese Communist Party to address growing concerns over Chinese-manufactured Internet of Things (IoT) components embedded in U.S. critical infrastructure.
The confidential briefing, described by one congressional aide as “urgent and sobering,” centered on the widespread use of Chinese-made cellular IoT modules in water utilities, energy grids, and transportation systems. Lawmakers were reportedly presented with technical data showing how these modules—often sourced through third-party vendors and OEMs—may be vulnerable to external manipulation or covert data transmission.
“These devices aren’t just passive sensors,” one committee member said afterward. “They’re fully networked endpoints, capable of receiving instructions. In the wrong hands, that makes them a vector—not just a vulnerability.”
Representatives from Arcadis emphasized that many infrastructure projects unknowingly deploy foreign-made modules during procurement phases, especially when devices are bundled into commercial hardware packages. AWWA, which represents thousands of water utilities nationwide, echoed concerns about the lack of visibility and traceability in the current supply chain environment.
CISA officials shared preliminary findings from ongoing audits across sectors, including several instances where compromised components had to be manually removed and replaced. The agency warned that while there is no confirmed incident of hostile exploitation to date, “the potential for widespread disruption exists and is escalating.”
The committee is now weighing options that include mandatory country-of-origin disclosures for all IoT devices deployed in critical systems, as well as restrictions or phased bans on unvetted foreign hardware in federally funded projects.
Meanwhile in Brussels, European officials are conducting their own internal reviews. According to sources inside the European Commission, several infrastructure audits have revealed Chinese-made IoT modules embedded within key energy, water, and transportation systems across member states.
“This issue has evolved beyond telecom,” said an EU security official. “We're finding hardware tied to Chinese firms in everything from hospital ventilation systems to smart grid relays. The supply chain is deeply compromised.”
The European Union is expected to propose a continent-wide directive requiring stricter hardware sourcing standards for all critical infrastructure projects. Member states such as Germany, France, and the Netherlands are lobbying for a centralized blacklist of high-risk manufacturers and a formal certification program for all imported industrial IoT technology.
While the United States and EU sometimes diverge on the balance between regulation and innovation, both now appear to agree on one thing: securing the future means knowing what’s already embedded in the present—and who may be listening.