Commerce proposes supply chain security rules
Proposed rules back up the White House’s earlier executive order to protect information and communications supply chains from foreign cyber dangers.
On the heels of new rules at the Federal Communications Commission that limit the use of Chinese-made telecommunications gear in U.S. infrastructure, the Department of Commerce proposed new regulations to identify, evaluate and address transactions involving such hardware.
On Nov. 26, the Commerce Department rolled out a proposed rule that would back the White House’s executive order to secure information and communications technology and services supply chains. The rule would require the Commerce secretary to evaluate individual telecommunications gear transactions, using a "case-by-case, fact-specific approach" to determine which transactions might be blocked or altered, the agency said. Those determinations would be based on assessments developed by the Department of Homeland Security and national intelligence agencies.
The Commerce Department said it will notify parties engaged in any transaction it may deem having a “risk of public harm” or a danger to national security. Those parties, it said, can submit their arguments for consideration, and the Commerce secretary will then issue an unclassified final determination on the deal.
Comments on the Commerce Department’s proposal are due in 30 days, the agency said.
The White House issued an executive order last May tasking the Commerce Department with crafting the specific rules to protect IT and communications supply chains. The executive order cited the International Emergency Economic Powers Act and the National Emergencies Act, after finding “foreign adversaries” were set on using IT and communications gear to infiltrate U.S. telecommunications infrastructure for potential cyberattack as well as economic and industrial espionage.
The proposed rules are the latest move in a bid to blunt the infiltration of telecommunications gear made by Huawei and ZTE, particularly emerging wireless 5G equipment into the U.S. critical infrastructure.
Federal regulators, intelligence and law enforcement officials have said that given Huawei and ZTE’s close relationship and legal obligations to the Chinese government, their gear poses a threat to telecommunications infrastructure, as well as to national security. They say the equipment may have backdoors that could allow the Chinese government to meddle with U.S. critical network infrastructure or open the door to massive, crippling data theft.
On Nov. 22, the FCC blocked use of the $8 billion Universal Service Fund, which is tapped primarily by small and rural telecommunications companies, to buy Huawei and ZTE equipment. It also proposed rules to require companies that have already installed the suspect equipment to remove it.