CYBERSECURITY
Commerce proposes supply chain security rules
On the heels of new rules at the Federal Communications Commission that limit the use of Chinese-made telecommunications gear in U.S. infrastructure, the Department of Commerce proposed new regulations to identify, evaluate and address transactions involving such hardware.
On Nov. 26, the Commerce Department rolled out a proposed rule that would back the White House’s executive order to secure information and communications technology and services supply chains. The rule would require the Commerce secretary to evaluate individual telecommunications gear transactions, using a “case-by-case, fact-specific approach” to determine which transactions might be blocked or altered, the agency said. Those determinations would be based on assessments developed by the Department of Homeland Security and national intelligence agencies.
The Commerce Department said it will notify parties engaged in any transaction it may deem having a “risk of public harm” or a danger to national security. Those parties, it said, can submit their arguments for consideration, and the Commerce secretary will then issue an unclassified final determination on the deal.
Comments on the Commerce Department’s proposal are due in 30 days, the agency said.
The White House issued an executive order last May tasking the Commerce Department with crafting the specific rules to protect IT and communications supply chains. The executive order cited the International Emergency Economic Powers Act and the National Emergencies Act, after finding “foreign adversaries” were set on using IT and communications gear to infiltrate U.S. telecommunications infrastructure for potential cyberattack as well as economic and industrial espionage.
The proposed rules are the latest move in a bid to blunt the infiltration of telecommunications gear made by Huawei and ZTE, particularly emerging wireless 5G equipment into the U.S. critical infrastructure.
Federal regulators, intelligence and law enforcement officials have said that given Huawei and ZTE’s close relationship and legal obligations to the Chinese government, their gear poses a threat to telecommunications infrastructure, as well as to national security. They say the equipment may have backdoors that could allow the Chinese government to meddle with U.S. critical network infrastructure or open the door to massive, crippling data theft.
On Nov. 22, the FCC blocked use of the $8 billion Universal Service Fund, which is tapped primarily by small and rural telecommunications companies, to buy Huawei and ZTE equipment. It also proposed rules to require companies that have already installed the suspect equipment to remove it.
About the Author
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.