Advertisement

Commerce Department proposes rules for implementing Trump’s supply-chain security order

The proposal is a key step toward making a more stringent national policy governing U.S. supply chains a reality.
supply chain security
Secretary of Commerce Wilbur Ross will “adopt a case-by-case” approach to determining what components will be banned (Getty Images)

The Department of Commerce on Tuesday outlined how it might implement a White House order that gives the department broad leeway to ban foreign parts in U.S. IT and communications supply chains because of security concerns.

Secretary of Commerce Wilbur Ross will “adopt a case-by-case” approach to determining what components will be banned, drawing on assessments from the Department of Homeland Security and the Office of the Director of National Intelligence, the department said in a statement.

Under the proposal, before making a final decision to exclude a foreign company from U.S. software and hardware supply chains, the Commerce Secretary would give the company an opportunity to address U.S. security concerns and avoid a ban. The secretary would send an unclassified ruling to the parties explaining the decision and make that public when appropriate.

The proposal is a key step toward making a more stringent national policy governing U.S. supply chains a reality. The executive order signed by President Donald Trump in May invokes a “national emergency” to close security gaps in the software and hardware that U.S. critical infrastructure companies acquire from other countries.

Advertisement

The policy changes come amid consistent warnings from multiple federal agencies that foreign spies have looked to infiltrate U.S. supply chains.

U.S. officials often call out telecommunications gear from Chinese companies Huawei and ZTE as being potential conduits for Chinese espionage. Those companies deny the claims.

But U.S. concerns go far further than any one company or government. Foreign adversaries are increasingly planting and exploiting vulnerabilities in IT “in order to commit malicious cyber-enabled actions, including economic and industrial espionage” against Americans, the executive order states.

The executive order is one of a series of measures that the Trump administration has taken on supply-chain security. The Department of Homeland Security has a National Risk Management Center working on the issue, and an interagency “acquisition council” warns agencies away from buying insecure products.

The Department of Commerce welcomed an assortment of public comments over the next month on the proposal, just not anything related to what constitutes a “foreign adversary.” That, the department said, is up to Ross.

Advertisement

Sometimes the risks to U.S. government and corporate supply chains are hiding in plain sight.

U.S. prosecutors last month announced charges against a New York company for allegedly selling Chinese-made surveillance equipment with known cybersecurity flaws while falsely claiming the technology was made in the U.S.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts