Cloud security

Trump’s last-day order clamps down on foreign access to US-based IaaS

On the final night of his presidency, Donald Trump issued an executive order aimed at forcing cloud providers to capture more complete records about foreign customers who lease cloud infrastructure and resell it to cyber attackers. The EO directly targets foreigners’ use of infrastructure-as-a-service (IaaS) products, which makes it difficult for U.S. officials to track and obtain information and allows malicious actors to evade detection, according to a letter Trump wrote to Congress that was publicly released on the evening of Jan. 19.

To address those threats, the EO states, the government will move to require IaaS providers to keep more complete records of foreign entities that they sell to -- including verifying the identity and payment records of those obtaining an IaaS account and any foreign person acting as a lessee of these products or services -- and potentially require companies to limit access for "certain foreign actors."

The secretaries of commerce, state, treasury, defense, homeland security, the attorney general and the director of national intelligence have discretion on which foreign entities could be barred through the executive order.

CrowdStrike founder and former CTO Dmitri Alperovitch said on Twitter that the policy outlined in the order could have helped the government gather more information in the wake of the SolarWinds Orion breach. In that breach, Alperovitch said, hackers "exclusively used US cloud infrastructure to make it difficult for US intelligence community to track them." He added that "requirements like this one can go a long way to move these actors offshore and make it easier for [the government] to track them. One potential downside -- the requirements can be quite onerous/expensive for smaller providers and may lose them foreign business."

It is not clear whether President Joe Biden's administration will enforce the executive order. Ahead of the inauguration, Biden's transition team published a list of executive orders he'd immediately sign to undo certain Trump administration policies.

The Trump order has a six-month comment period.

This article was first posted to FCW, a sibling site to GCN.

About the Author

Justin Katz is a former staff writer at FCW.

