Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency Official Says

whiteMocca/Shutterstock.com

The government should be focused on mitigating the danger any software can pose, rather than banning software from China and elsewhere, the NNSA CIO says.

The federal government can’t legislate or mandate its way out of the risk of foreign hackers compromising its networks, the top tech official in the government’s nuclear security agency said Tuesday.

Instead of banning software with a connection to China or other U.S. cyber adversaries, government tech shops should focus on installing safeguards that mitigate any risk the software poses for foreign spying or sabotage, said Wayne Jones, chief information officer at the National Nuclear Security Administration.

“You can’t think about it: ‘Well, I’m not going to use that product because it came from China.’ You have to figure out: ‘How do I use that product so it’s going to protect my information,’” Jones said during a panel discussion hosted by the Armed Forces Communications and Electronics Association, a professional association.

“How do you build an environment … that you can have these tools or products in to ensure that you’re not giving away the farm,” he said.

Jones declined to specifically discuss a governmentwide ban that Congress approved in December for anti-virus from the Moscow-based Kaspersky Lab or congressional bans that are likely to become law aimed at the Chinese companies Huawei and ZTE.

“I’m not going to say whether Congress has gone too far or not, because I do like my job,” he said.  

Jones did note, though, that it would be exceedingly difficult to restrict the government to only hardware and software with no questionable foreign ties.

“We’re in a global economy whether we want to believe it or not,” Jones said.

He later added: “When we start pulling the onion back on all of the products and services that you have, you’re going to find a chip somewhere—let’s just be honest about it—from one of the nations we’re not happy about using.”

Even with the governmentwide ban in place, Jones noted, tech and cyber officials must still deal with Kaspersky’s risks.

“I know that, in my environment, I have scientists from other countries who come in to do work for us that have [Kaspersky]. So how am I protecting myself from that?” Jones asked. “Kaspersky is not one of the tools I use in my environment today, but there are people who connect to my guest networks that do have it. So how do I protect myself?”

Donald Purdy Jr., the chief security officer at Huawei’s U.S. division, made a similar argument in a Tuesday op-ed published in Fortune.

By banning particular software from specific countries, Congress fundamentally misunderstands the nature of cyber threats, Purdy, a former top government cyber official during the George W. Bush administration, argued.

“Members of Congress may sincerely believe that barring one or two Chinese companies from the U.S. market will significantly protect the country’s networks,” Purdy writes. “But today’s telecommunications industry is transnational and borderless. All of its leading players already use equipment developed or manufactured in China.”

Instead of “selectively banning one or two foreign companies from the U.S. market,” Purdy writes, the government should focus on improving cyber resilience and “implementing a comprehensive cybersecurity strategy.”

Purdy’s op-ed, while it discusses congressional efforts to ban Huawei from government networks, is focused largely on a Federal Communications Commission regulatory action that would restrict Huawei in U.S. telecommunications networks on a much broader scale.

The governmentwide Huawei and ZTE ban is included in both the House and Senate version of a must-pass annual defense policy bill. Those bills have passed both chambers and are now with a conference committee.

The Homeland Security Department, which has not yet taken any action against Huawei and ZTE, instituted a governmentwide Kaspersky ban in October, two months before the congressional ban. Kaspersky is challenging both of those bans now in the U.S. Court of Appeals for the District of Columbia.

Both Kaspersky bans cited a Russian law that officials believe could compel Kaspersky to help the Kremlin spy on U.S. government agencies.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.