Cybersecurity

Supply chain task force lays groundwork for new restrictions

cybersecurity (By Titima Ongkantong/Shutterstock.com)

Ongoing work at the federal Information Communications Technology (ICT) Supply Chain Task Force will help to inform Commerce Department regulations designed to crack down on foreign-directed threats to the U.S. telecommunications supply chain, according to a Department of Homeland Security official.

Bob Kolasky, director of the National Risk Management Center at DHS and co-chair of the ICT Supply Chain Task Force, said the group's work mapping out national critical functions -- services so vital they would disrupt the American way of life if shut down or compromised -- will underpin new rules governing when to ban transactions or sales involving foreign-made telecommunications equipment. Those efforts and the Commerce regulations are pursuant to a new White House executive order on supply chain security.

"Where are there functions that we absolutely have to have assurance that they're going to function, that the integrity and availability of the functions are going to be there, and how do the supply chains work and where are there common elements where it makes sense to deploy additional authorities?" Kolasky said at a May 16 supply chain conference hosted by the U.S. Chamber of Commerce. "And those recommendations, that assessment, will inform how the Secretary of Commerce [develops new regulations.]"

On May 15, the White House issued an executive order declaring foreign supply chain threats to the U.S. telecommunications system a national emergency and giving the Commerce secretary power to prohibit transactions involving ICT or services that are "designed, developed, manufactured, or supplied by persons owned by or controlled by or subject to the jurisdiction or direction of a foreign adversary."

While the order does not mention Huawei, the administration has been mulling the measure for more than a year as a way to address years-long national security concerns around the Chinese telecom giant, as well as similar threats from companies or entities that the U.S. government believes could pose an undue risk to telecommunications critical infrastructure.

Commerce has five months to draft new rules around the process, but administration officials said that interim regulations will be issued. On a May 15 conference call, a senior Trump administration official told reporters that Commerce "will welcome input from industry, and we'll be coordinating closely with them as we work towards more final rules down the road to implement this order."

In a more direct blow, Commerce also placed Huawei and its affiliates on the Bureau of Industry and Security's Entity List, meaning American companies must obtain a special license to sell Huawei products. Those license requests can be denied on national security grounds.

In a statement, Commerce Secretary Wilbur Ross said the action would "prevent American technology from being used by foreign-owned entities to potentially undermine U.S. national security or foreign policy interests."

U.S. officials believe the actions will significantly hamper Huawei's ability to compete in a global race to implement 5G telecommunication networks, something those officials have told allies and businesses would represent an unacceptable risk to national security. The U.S. believes that domestic laws in countries like China and Russia legally compel local businesses to aid intelligence agencies and perhaps even facilitate espionage. Huawei and other foreign companies have repeatedly denied that this is the case and demanded that the U.S. provide evidence showing they are working in tandem with their governments.

While the new restrictions have generally received praise from the U.S. national security community, they have also sparked concerns that the Chinese government could retaliate in kind.

Foreign telecoms like Huawei and ZTE often rely on American tech companies to supply parts and components for many of their products, but those dependencies can go both ways. China is the world's dominant provider of rare metals and minerals -- vital components to the production of most modern technologies. Such minerals are actually prevalent around the world, but China is one of the only countries with a robust industrial production base.

The U.S. lacks both strategic reserves for most of these minerals as well as the ability to quickly build up its own domestic mining and manufacturing process should China decide to limit access or cut off American firms from its supply.

Recognizing this vulnerability, the Government Accountability Office found in 2010 and 2016 that the Department of Defense lacked a sufficient contingency plan to replace many of the essential rare earth minerals it relies on for its technology and weapons systems. In the event of a disruption, GAO estimated it could take up to 15 years for the U.S. to build its own supply chain.

"Fortunately, these types of supply disruptions have not materialized over the last several years, but DOD's current ability to respond may not be sufficient should they materialize in the future," the 2016 GAO report said.

In 2017, the Trump administration issued an executive order to develop a national strategy for ensuring the secure and reliable supply of critical minerals.

Additionally, China could choose to implement punitive measures against U.S. companies that do business within its borders. When asked by reporters in a May 16 briefing if Beijing was considering such an action, Lu Kang, a spokesperson for China's Ministry of Foreign Affairs, did not dismiss the possibility.

"As you know, when carrying out commercial, investment and trade cooperation with other countries, China asks all Chinese companies including Huawei to observe local laws and regulations," Kang said. "But if our companies are treated unfairly, we are definitely entitled to take necessary measures to safeguard their legitimate rights and interests."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.