Cyber
Tangles in China-U.S. tech supply chain are growing
It's becoming almost impossible to untangle U.S. supply chain security policy from other political and economic issues, particularly when dealing with China, cybersecurity experts say.
Representatives from the Department of Homeland Security's Information Communications Technology Supply Chain Task Force said they hope to find a consensus set of recommendations for keeping compromised or suspect parts out of the U.S. technology supply chain that avoids singling out particular countries or companies.
"What's happened -- and this is very challenging for us -- is that we have conflated national security issues with economic and trade issues, with geopolitical issues, and it's very difficult to know where one of those aspects ends and another one begins," said Robert Mayer, senior vice president of cybersecurity at USTelecom and industry co-chair of the ICT Supply Chain Task Force, speaking at a June 6 webinar hosted by Inside Security. "So we find ourselves in this cauldron of conversation where one moment it's a national security conversation, the next moment it's a trade conversation."
While the Trump administration's recent supply chain executive order, which directs the Department of Commerce to develop new rules for banning information and communications technology sales, does not mention specific countries or companies by name, it has been widely reported that the White House hopes to use the order to stop or slow the momentum of Chinese telecommunications giant Huawei in building out 5G networks around the world. In a separate action, Huawei was also placed on the Bureau of Industry and Security's entity list, forcing U.S. companies to apply for a special, rarely issued license in order to sell parts and materials to the company.
In a Washington Post survey of 100 cybersecurity experts, 61 said the ban against Huawei won't make the U.S. supply chain more secure, with many arguing it could wind up hurting U.S. tech companies more than Huawei.
Following the listing, Chinese officials announced they would be developing their own "unreliable entity list" for foreign companies. Beijing has also floated the possibility of cutting off U.S. firms from rare earth minerals that are used in many of tech products. China currently supplies about 80% of rare earth minerals imported to the United States.
Recent comments by President Donald Trump that the actions against Huawei could be reversed or softened as part of a broader trade deal with China have only further muddied the waters about whether the administration is viewing the situation strictly through a security lens.
John Miller, vice president of policy and senior counsel at the Information Technology Industry Council, concurred with that view. If new supply chain rules aren't structured the right way, he said, the potential for blowback is high.
"We have cautioned against, in other bills and other years on these types of issues, taking a blacklist approach and just naming countries or companies in legislation," said Miller. "And we've raised the possibility that it really opens [U.S. businesses] or anyone else up to potential retaliation and clearly that's happening now."
U.S. officials argue that Beijing has for decades facilitated and encouraged the widespread theft of military and civilian technology and trade secrets from American companies.
Bob Kolasky, director of the National Risk Management Center at DHS and co-chair of the ICT Supply Chain Task Force, acknowledged that the executive order, the actions against Huawei and larger trade tensions between the U.S. and China all bleed into their work, but said they don't change the overall objective the task force is working towards.
Kolasky also rejected attempts at equivalence between U.S. and Chinese companies, saying he wasn't worried about Beijing targeting unreliable companies because "American companies are trustworthy."
"We have a corporate governance system in this country that allows for transparency," Kolasky said. "And you know, China is going to make the decisions they do at the government level, but we're going to make sure we can win on transparency."
This article was first posted to FCW, a sibling site to Defense Systems.
About the Author
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.
from All Articles and Blogs http://bit.ly/2Icj8Iw
via Defens News
No comments: