Washington, D.C. — Today, Senators Ted Budd (R-NC), Eric Schmitt (R-MO), Mark Kelly (D-AZ), and Tommy Tuberville (R-AL) sent a letter to Acting Chief Information Officer at the Department of Defense, Leslie A. Beavers, requesting information on, “how many Department employees connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application”.
We write to express our concern that Department of Defense (DOD) employees accessed the Chinese artificial intelligence application DeepSeek on their work devices and, as a result, Chinese servers.
We understand that the National Security Council (NSC) is currently reviewing the national security implications of DeepSeek and expect this will be an ongoing conversation between Congress, the NSC, and relevant agencies. However, in the immediate term, we request that the Department provide information regarding potential impacts to the Defense Information Systems Network (DISN) and the Department of Defense Information Network (DODIN) of the recent incident.
The office of the Director of National Intelligence’s 2024 Annual Threat Assessment states that “China remains the most active and persistent cyber threat to the U.S. Government, private-sector and critical infrastructure networks”. This is evidenced by the recent Salt Typhoon Hack, a breach of at least eight U.S. telecommunications providers, among many other reports of cyberattacks originating from China.
It is also our understanding, based on the DoD’s Use of Mobile Applications 2023 report, that misuse of mobile applications on DoD personnel devices may not be simply a series of isolated incidents. While our immediate concern is to understand the impact of DoD employees’ access to DeepSeek on national security, we are also interested in understanding the DoD’s policy regarding mobile device applications to the end of ensuring we are diminishing cybersecurity risks associated with certain platforms.
Therefore, we request answers to the following questions by no later than March 4, 2025.
- How many Department employees connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application?
- Has the DeepSeek app now been deleted from all DoD devices? If not, what steps will you take to ensure the DeepSeek app is removed from all DoD devices?
- What steps have been made to limit access on DoD devices to only those applications with a justified and approved need?
- What is the Defense Information Systems Agency’s (DISA’s) initial assessment about whether Chinese servers were able to access and exfiltrate sensitive information due to Department personnel use of DeepSeek?
- How has the use of the DeepSeek app by Department personnel impacted the operational and cybersecurity risks to the DISN as well as the DODIN?
- What guidance or training has DISA shared with Department employees regarding accessing Chinese AI app DeepSeek or any other Chinese-affiliated app?
- We understand that the Navy issued guidance against using open-source AI systems for official work. What guidance (if any) are the other services and/or the Department issuing to employees?
- What is DISA’s process for assessing which networks, websites and or applications have a connection to the People’s Republic of China and what are DISA’s standard operating procedures when made aware of such a connection?
- What action (if any) has been taken regarding the DoD employees who connected their work computers and/or mobile devices to Chinese servers via the DeepSeek Application?
- Have all of the recommendations from Management Advisory: The DoD’s Use of Mobile Applications (Report No. DODIG-2023-041) been implemented? If not, why not?
Thank you for your consideration and we look forward to hearing from you and working with the Department of Defense to keep our networks safe from persistent cyber threats.
###
