White House cyber chief warns on IP theft

Rob Joyce cautioned that requirements by foreign powers to review IT source code of U.S. vendors could lead to intellectual property theft.

Rob Joyce NSA/WH
 

White House Cybersecurity Coordinator Rob Joyce said that foreign laws could put U.S. vendors at risk for intellectual property theft.

White House Cybersecurity Coordinator Rob Joyce said commercial tech companies trying to expand in other countries could be putting American innovation at risk by acquiescing to government requests to see their source code.

“I’m very worried about the protectionist rules that are going up in a lot of countries” where tech companies can’t enter a nation’s market without “offering up” intellectual property, Joyce said at the Washington Post’s Oct. 3 Cybersecurity Summit in Washington, D.C.

Joyce's comments came in response to a Reuters report detailing how Hewlett Packard Enterprise allowed a Russian defense agency to review code used to protect the Pentagon’s computer networks. “It’s a problem for the free and open internet that we designed and pushed out for the world’s benefit.”

Joyce named Russia and China as some of the governments that are employing measures that require prospective tech companies to reveal their source code.

"The security aspects of those disclosures are problematic," he said, but "I’m a little more worried about it from the intellectual property point of view of our innovation than I am the security side of it…. If you give your source code to China as a condition of entering that market, you’ve got to wonder if competitors are then going to start to adapt those features, and we’ve seen some examples of that in the past. And that really concerns us.”

Joyce also addressed the recent Department of Homeland Security ban on Kaspersky anti-virus products, saying that history suggests vigilance of Russian vendors.

“We have plenty of examples of Russian companies being compelled and cooperating with Russian intelligence, and there's even a law requiring participation in intelligence activities by those communications and computer companies in Russia. So as that data comes off your machine and back to Russia, it’s vulnerable and available," he said. "We looked at that and made a risk decision that we can’t tolerate these on government networks.”

Joyce declined to comment on whether there was evidence that Russia tried to siphon information from government computers via Kaspersky, saying that using the software on sensitive government networks would be a “bad decision.”

Joyce also expounded on a plan to insert more public disclosure in the Vulnerabilities Equities Process, in which government agencies decide to stockpile or disclose flaws and bugs they have discovered in commercial systems.

"It’s clear to me from some of the public discussion on the Vulnerabilities Equities Process that that process is not well understood, and that’s our fault in the executive branch,” Joyce said. "In the previous administration, that was an executive privilege run out of the White House process, where the charter, the participants and the decision criteria weren’t made public.”

Joyce said after taking the cyber coordinator position in March he started asking "why we can't talk about this."

“There wasn’t a good reason,” he said, so the White House is finalizing a public charter that will detail the criteria used in the process, the participating agencies and the reasons why a vulnerability was patched, disclosed or withheld for intelligence purposes.

Additionally, Joyce said the White House is working with different agencies on developing alternatives to the Social Security number as an identifier in light of the Equifax breach that exposed personal and financial data on more than 145 million consumers. “The Social Security number has outlived its usefulness,” said Joyce, who noted that he’s aware of four instances when his Social Security number was compromised.

"There are technologies we can look at … a public private key, something I can use publicly but not put the information at risk, something that can be revoked if it’s known to be compromised," he suggested. "How many people here today have changed your Social Security numbers knowing the Equifax breach happened? Nobody."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.