It's becoming almost impossible to untangle U.S. supply chain security policy from other political and economic issues at play, particularly when dealing with China, cybersecurity experts say.
It's becoming almost impossible to untangle U.S. supply chain security policy from other political and economic issues, particularly when dealing with China, cybersecurity experts say.
Representatives from the Department of Homeland Security's Information Communications Technology Supply Chain Task Force said they hope to find a consensus set of recommendations for keeping compromised or suspect parts out of the U.S. technology supply chain that avoids singling out particular countries or companies.
"What's happened -- and this is very challenging for us -- is that we have conflated national security issues with economic and trade issues, with geopolitical issues, and it's very difficult to know where one of those aspects ends and another one begins," said Robert Mayer, senior vice president of cybersecurity at USTelecom and industry co-chair of the ICT Supply Chain Task Force, speaking at a June 6 webinar hosted by Inside Security. "So we find ourselves in this cauldron of conversation where one moment it's a national security conversation, the next moment it's a trade conversation."
While the Trump administration's recent supply chain executive order, which directs the Department of Commerce to develop new rules for banning information and communications technology sales, does not mention specific countries or companies by name, it has been widely reported that the White House hopes to use the order to stop or slow the momentum of Chinese telecommunications giant Huawei in building out 5G networks around the world. In a separate action, Huawei was also placed on the Bureau of Industry and Security's entity list, forcing U.S. companies to apply for a special, rarely issued license in order to sell parts and materials to the company.
In a Washington Post survey of 100 cybersecurity experts, 61 said the ban against Huawei won't make the U.S. supply chain more secure, with many arguing it could wind up hurting U.S. tech companies more than Huawei.
Following the listing, Chinese officials announced they would be developing their own "unreliable entity list" for foreign companies. Beijing has also floated the possibility of cutting off U.S. firms from rare earth minerals that are used in many of tech products. China currently supplies about 80% of rare earth minerals imported to the United States.
Recent comments by President Donald Trump that the actions against Huawei could be reversed or softened as part of a broader trade deal with China have only further muddied the waters about whether the administration is viewing the situation strictly through a security lens.
John Miller, vice president of policy and senior counsel at the Information Technology Industry Council, concurred with that view. If new supply chain rules aren't structured the right way, he said, the potential for blowback is high.
"We have cautioned against, in other bills and other years on these types of issues, taking a blacklist approach and just naming countries or companies in legislation," said Miller. "And we've raised the possibility that it really opens [U.S. businesses] or anyone else up to potential retaliation and clearly that's happening now."
Bob Kolasky, director of the National Risk Management Center at DHS and co-chair of the ICT Supply Chain Task Force, acknowledged that the executive order, the actions against Huawei and larger trade tensions between the U.S. and China all bleed into their work, but said they don't change the overall objective the task force is working towards.
Kolasky also rejected attempts at equivalence between U.S. and Chinese companies, saying he wasn't worried about Beijing targeting unreliable companies because "American companies are trustworthy."
"We have a corporate governance system in this country that allows for transparency," Kolasky said. "And you know, China is going to make the decisions they do at the government level, but we're going to make sure we can win on transparency."
This article was first posted to FCW, a sibling site to GCN.