CIO Briefing

Agencies can’t bar feds from joining suspect foreign firms

The training center of the Huawei Technologies Co. headquarters in Shenzhen, China.

The training center of the Huawei Technologies Co. headquarters in Shenzhen, China. // Kin Cheung/AP

No policies prohibit federal employees from working for Chinese companies following their federal service, a fact that has allowed telecom giant Huawei, accused by lawmakers of cyberespionage, to hire a number of well-connected former U.S. officials.

In July, Andy Purdy, a past head of the Homeland Security Department’s national cybersecurity division, became Huawei USA’s chief security officer. Purdy’s move took colleagues by surprise at his previous employer, federal contractor CSC, according to people familiar with the situation. During the past year, Huawei has hired Doyce Boesch, a former Senate aide, and William Black, former chief of staff to then-House Democratic Leader Rep. Steny H. Hoyer, D-Md. In addition, Huawei’s Global Chief Cybersecurity Officer John Suffolk is the former U.K. government chief information officer and chief information security officer.

The concern with Huawei’s hiring strategy is that the multinational tech company, founded by a former People’s Liberation Army member, may be acting on behalf of the Chinese military. House members are investigating the company for allegedly inserting backdoors into products that can remotely siphon data or incapacitate computers.

The Shenzhen, China-based business, which is branching out worldwide, disputes claims that it is under Chinese government control or tampers with clients’ technology. “Let me be clear -- Huawei has not and will not jeopardize our global commercial success nor the integrity of our customers’ networks for any third party, government or otherwise. Ever,” Charles Ding, Huawei corporate senior vice president, testified before a House committee in September.

Huawei has maintained a U.S. headquarters in Plano, Texas, for 11 years and is attempting to attract more American business, partly by recruiting well-respected Westerners with government and security backgrounds. Company officials say they plan for Americans to fill 70 percent of stateside jobs. The firm currently runs a dozen U.S. offices and employs 1,700 people here compared with 140,000 staff worldwide.  

There is little precedent in the federal government for dealing with outflows of computer security personnel to Chinese companies. Exit restrictions at DHS, the FBI and other agencies with cybersecurity responsibilities are largely prohibitions on doing business with one’s former department while employed by an overseas business. “In general, the FBI is not aware of any law, regulation or policy which would preclude an individual who has not been an FBI employee for more than a year, like any former U.S. government employee, from working for a private-foreign-owned company,” bureau spokeswoman Kathleen Wright said.

In addition, curbs on personnel to prevent them from disclosing sensitive information after leaving government are hard to impose, as evidenced by a new memoir by a former Navy SEAL who helped kill Osama bin Laden.

Pentagon spokesman Lt. Col. Damien Pickart said, “the Department of Defense does not have an official policy dictating where employees and service members can work after they leave the department, [including] foreign firms.”

‘It’s a Global World’

When a Defense employee with a security clearance exits the U.S. military, the individual is bound by a nondisclosure agreement not to divulge sensitive, classified or Pentagon proprietary information. When a cleared FBI employee departs, that person, too, must sign a nondisclosure agreement, bureau officials said. Homeland Security officials said personnel can seek ethics advice from department attorneys about these restrictions. Officials did not reference any mandates related to national security disclosures.

In response to an inquiry about Purdy’s post-U.S. employment constraints, a Huawei spokesperson said, “it’s a global world. Global companies hire the best employees they can find. No global company has all of its people and all of its offices in one country. That’s what makes them global.” Purdy was unavailable for an interview.

A former intelligence community official said there are no easily enforceable post-employment prohibitions pertaining to sensitive data. Blocking former federal officials from joining China-based companies, such as Huawei, could be economically damaging to the United States. China could retaliate against employment bans by ending American manufacturing partnerships and investments in U.S. communities. American firms, including Cisco, operate in China, and the communist state manufactures equipment for U.S. networks.  

“I tend to think that a broad sweeping law for every country on the planet is the worst prescription,” said Chris Bronk, a former U.S. diplomat and now a cybersecurity research fellow at Rice University. “And if you are just picking China, you are talking about China bashing. The Chinese bilateral relationship is very touchy.”  

One penalty the U.S. government could impose on former employees who join Chinese firms: Forbid them from working ever again as cleared personnel.

“An attorney general or a secretary of Homeland Security can say, ‘No new law needs to go on the books, but if you choose to leave your cleared employment in the U.S. government for a Chinese company it may be difficult if not impossible to re-enter cleared employment in the United States again,’” Bronk said.  “That’s the kind of thing that needs to be a reminder: You are burning a bridge.”

Even without that prohibition, someone who worked for a Chinese firm would have a hard time renewing or obtaining a U.S. security clearance after exiting the company, noted the former intelligence official. The federal government “would question his dedication and commitment to the United States,” the official said.

What if an American Huawei employee returned to the federal government -- might that be beneficial for U.S. intelligence gathering? Huawei, in a way, is putting itself in an awkward position by bringing a potential turncoat onboard, Bronk said. “To what degree are they compromising Huawei?” he questioned.

The current situation with Huawei has no historical parallel, sources said. “This isn’t like going to a Soviet-owned company” during the Cold War, when the rules of conduct where clear, said a cyber industry executive who offers guidance to the federal government and spoke on the condition of anonymity.  

Huawei’s efforts to make inroads in the U.S. economy also are different from Japan’s recruitment of U.S. executives during the 1980s, according to Bronk. “The cultural values of Japan and China are very different, especially regarding national security,” he said. “We don’t have a mutual defense pact with China . . . So this is something to worry about.” On the flipside, however, “maybe this represents a way that Huawei can talk to us about these issues. We have to talk to China anyway, so maybe it’s better to have Americans there.”

Threatwatch Alert

Network intrusion / Unauthorized use of system administrator privileges / Software vulnerability

Spammers Commandeer City of Mobile’s Server via Shellshock

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// October 24
X CLOSE Don't show again

Like us on Facebook