President Donald Trump issued an executive order Wednesday that is intended to prevent U.S. companies from using telecommunications technology made by firms that are beholden to foreign adversaries.
The goal of the order is to protect the security, economy, and critical infrastructure of the U.S., a senior administration official told reporters Wednesday. The intent is to prevent economic and industrial espionage, especially those activities that pose “undue risk of sabotage” through technologies that are “owned by, controlled by, or subject to the jurisdiction or direction” of foreign adversaries.
Although the order, which invokes the International Emergency Economic Powers Act and the National Emergencies Act, does not name any country or company in particular, the order is thought to impinge on business with China-based Huawei.
The order comes as tension has risen over the U.S.-China trade war. Earlier this week, the Chinese government said it will impose tariffs on $60 billion worth of U.S. goods, which was followed by the Trump administration publishing a list of Chinese goods that would be subject to new tariffs.
The order imposing these restrictions has been expected for months. According to The Washington Post, the National Economic Council had repeatedly delayed the order, and when trade talks with China hit a standstill, rolled out the order.
“These things just take time,” one senior administration official said on the timing of the rollout. “The documents were recently ready for the presidential signature and it just so happened that now was that time.”
The order, which effectively declares a “national emergency,” will enable the Department of Commerce to roll out an enforcement plan, which can include naming individuals or countries that are considered to be foreign adversaries and subject to the ban.
The department has also added Huawei to the Bureau of Industry and Security’s Entity List, which requires any U.S. company to get approval from the department before conducting business with Huawei. It also gives the government the power to refuse such an agreement if there is a “reasonable basis” that the deal is “contrary to U.S. national security interests.”
Trump and lawmakers have previously taken a stand against Huawei. The National Defense Authorization Act, which Trump signed into law last year, put restrictions on the U.S. government’s use of products coming from China, including those from Huawei and ZTE.
The private sector has begun limiting its transactions with Huawei as well. The four largest telecommunications companies in the U.S. — Verizon, AT&T, Sprint, and T-Mobile — have agreed to not use Huawei hardware that powers their 5G networks.
In 150 days the Commerce Department is to lay out interim regulations for the order and will then accept public comment on them. When asked what possible enforcement mechanisms the department is considering beyond just prohibiting transactions, senior administration officials would not elaborate.
Of particular concern is the fact that Huawei is controlled by the Chinese government and cannot refuse requests to participate in espionage under China’s national intelligence law, which empowers China to use its citizens and companies for intelligence purposes.
Huawei has repeatedly denied that its equipment could be used to support Chinese espionage, and sued the U.S. government earlier this year over the issue.
“Chinese citizens and organizations are required to cooperate with Chinese intelligence and security services,”Amb. Rob Strayer, the Deputy Assistant Secretary of State for Cyber, said Tuesday while testifying before the Senate Judiciary Committee.
Jeanette Manfra, assistant director for cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said the order is about supply chain risk.
The executive order is “a mechanism to give government the authorities it needs to manage supply chain risk,” Manfra told reporters Wednesday.
The directive follows other U.S. government efforts, including a DHS-led task force, to get a clearer picture of supply-chain vulnerabilities.
The broader picture
Even if an eventual ban eventually rids U.S. networks of Huawei’s tech, it does not isolate the country from the effects of possible cyberattacks, CISA Director Chris Krebs told the Senate Judiciary Committee Tuesday.
“If it’s a mission in Europe or a mission in Africa — … if it’s riding on a commercial network that’s supported by Huawei … the availability and the ability of that mission or the Department of Defense to operate … to run command and control — if they [Huawei] control the network, they control whether we can communicate,” Krebs said. “At that point who cares if they’re listening in? They can control whether we can connect dots.”
There are also vulnerabilities in Huawei technologies that other adversaries — not just China — can exploit, some of which are detailed in the Huawei Cyber Security Evaluation Centre Oversight Board 2019 report to the UK’s National Security Adviser.
“The quality of [Huawei] engineering is not great and so there are a number of vulnerabilities that are left open on [the hardware],” Krebs said. “China and other capable actors — Russia, Iran, North Korea, others — could exploit vulnerabilities on the [hardware.]”
Allies’ use of Huawei technologies is also a concern for the U.S. government’s diplomatic corps. While allies including Japan, New Zealand, and Australia have effectively banned Huawei, the UK is still deliberating. Last month, the UK reportedly decided to allow Huawei to work on “non-core” equipment in Great Britain.
Strayer took issue with using Huawei in certain parts of 5G plans, noting, “it’s just as dangerous” to use Huawei “in the remote parts of the network as the core.”
The pressure is on for the UK to make up its mind — the U.S. has previously threatened to curtail its intelligence-sharing with Britain over Huawei, and the threat to cut intelligence-sharing remains.