The Trump administration took its most aggressive action to date Wednesday to bar Chinese companies from access to Americans’ sensitive data and digital systems.
The president’s executive order gave the Commerce Department sweeping authority to ban U.S. information and communications technology companies from doing business with any foreign company it deems a threat to national security, as my colleagues Ellen Nakashima and Josh Dawsey reported.
And while the initial target seems to be Huawei — the Chinese telecom giant that’s among just a handful of global providers of next-generation 5G wireless technology — the administration could swing much more broadly. Indeed, senior administration officials addressing the media declined to speak about Huawei directly and stressed the order could be applied to numerous companies.
The move comes as officials from the Department of Homeland Security and the intelligence community are decrying Chinese hacking as the most nettlesome challenge in cyberspace and as the U.S. government is working with industry on broad plans to block foreign threats to numerous industry sectors. That could include publishing lists of acceptable vendors.
It also comes as the Trump administration is engaged in a tit-for-tat trade dispute with China with both countries raising tariffs on the other’s goods. Moves to restrict Chinese companies on national security grounds are sure to push a grand bargain on trade even further away.
The executive order was expected over a year ago, but it was blocked by the National Economic Council while trade negotiations were ongoing, Ellen and Josh reported. When those talks hit an impasse last week, the council dropped its objections, an official told them.
The Commerce Department also, on Wednesday, added Huawei and 70 of its affiliates to a list that requires government approval before it can buy components from U.S. companies, a move that will make it highly difficult for Huawei to sell some products, Reuters reported.
The White House, meanwhile, touted the executive order as a national security necessity with no mention of trade.
“The President has made it clear that this administration will do what it takes to keep America safe and prosperous, and to protect America from foreign adversaries who are actively and increasingly creating and exploiting vulnerabilities in information and communications technology infrastructure and services in the United States,” press secretary Sarah Sanders said in a statement.
The order — which will take effect within 150 days — may also help the administration’s rocky efforts to encourage allies to bar Huawei from their nascent 5G networks, Ellen and Josh reported, but it will be an uphill climb.
Administration officials have been crossing the globe in recent months urging allies to block Huawei and even threatening to withhold some intelligence sharing if the Chinese company wins those nations’ 5G contracts.
Those pleas have had limited success in Europe, however, and even Canada appears poised to go its own way on Huawei.
The U.S. government’s general position is that the Chinese government could force Huawei to steal secrets from U.S. companies or government agencies or to sabotage them during a broader conflict — even if the company didn’t want to.
The danger of sabotage will grow substantially with 5G, they say, because the super-fast networks will enable far more things to be connected to wireless Internet — including advanced medical technology and driverless cars — that could cause severe damage or even deaths if they were corrupted.
“This moves from a data confidentiality issue to a life-safety issue,” Chris Krebs, director of the DHS's Cybersecurity and Infrastructure Security Agency, told senators during a Judiciary Committee hearing Tuesday.
Huawei officials, meanwhile, say they’ve never assisted Chinese spying and would refuse any request to do so — from any nation.
Huawei Chief Security Officer Andy Purdy told me on Tuesday — before the executive order was issued — the U.S. government’s concerns can be addressed by rigorous testing. Purdy, who was a top DHS cybersecurity official during the George W. Bush administration, added that all telecoms offering 5G technology should undergo similar testing because even accidental vulnerabilities can be exploited by a nation’s adversaries.
“We'd welcome the opportunity to talk to these folks, to talk about policy and to help them understand the nature of the risks,” he said.
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: The Senate is unlikely to vote on any election security bills this Congress despite intelligence agencies' warnings that Russian hackers will probably try to undermine the 2020 election as they did in 2016, Senate Rules Committee Chairman Roy Blunt (R-Mo.) said Wednesday.
Blunt made the comments during a Rules Committee hearing, saying there’s no point in his committee considering election security bills because Senate Majority Leader Mitch McConnell (Ky.) won’t allow a floor vote on them. That was in response to a question from Senate Minority Whip Dick Durbin (D-Ill.).
Politico’s Eric Geller recounted the exchange on Twitter:
Durbin: Why is that?— Eric Geller (@ericgeller) May 15, 2019
Blunt: "I think the majority leader just is of the view that this debate reaches no conclusion, and frankly, I think the extreme nature of H.R. 1 from the House even makes it less likely that we’re going to have that debate."
H.R. 1 was a catch-all Democratic House bill that mandated election security reforms as well as increased voter access and other progressive priorities.
Sen. Ron Wyden (D-Ore.) introduced an election security bill popular with Democrats this week that would mandate paper ballots, post-election audits and minimum cybersecurity standards for state and local election systems. A bipartisan election security bill with fewer mandates sponsored by Sen. James Lankford (R-Okla.) is expected later this month.
PATCHED: The FBI has offered to brief 2020 presidential candidates on counterintelligence threats after a Russian hacking and disinformation campaign that aimed to undermine the 2016 contest, CNN’s Donnie O’Sullivan, Evan Perez and Kevin Collier reported.
“The Democratic National Committee has also scheduled a separate briefing, developed with the help of a former intelligence officer, for this week with Democratic presidential campaigns to provide basic counterintelligence training” and is “encouraging campaigns to work with FBI field offices,” CNN reported.
The FBI has also briefed the Republican National Committee and plans to brief the Trump campaign, according to the report.
PWNED: Lawmakers want the State Department to check the spread of hacking tools and know-how from the United States to other nations, Reuters’s Christopher Bing and Joel Schechtman reported.
The move comes after a Reuters report about former hackers for U.S. intelligence agencies who took contract jobs hacking on behalf of the United Arab Emirates — and helped the gulf nation spy on a BBC host and the chairman of Al Jazeera among other targets.
The State Department granted permission for a Maryland-based company to offer those hackers’ services to the UAE, but it’s not clear how much the department actually knew about the operations, Reuters reported.
A House Appropriations subcommittee on Wednesday forwarded legislation that “would direct the State Department to report to Congress how it decides whether to approve the sale of cyber capabilities abroad and to disclose any action it has taken to punish companies for violating its policies in the past year,” Chris and Joel reported.
The measure was added to a spending bill by Dutch Ruppersberger (D-Md.) who told Reuters he was “particularly troubled by recent media reports” about the State Department’s process for approving the sale of cyberweapons and services.
Cybersecurity news from the public sector:
Cybersecurity news from the private sector:
Cybersecurity news from abroad: