The just-passed 2014 federal budget decides where $1.1 trillion will go and also determines where the money cannot go. One of the main places money cannot go is toward programs that help the People’s Republic of China or its military steal from or spy on the United States.
“The bill requires the departments of Commerce and Justice, NASA, and NSF to assess the risk of cyber espionage or sabotage before acquiring any information technology system, including equipment from companies owned, directed, or subsidized by China,” said Congressman Frank Wolf in a press release.
The budget identifies the People’s Republic of China as a “cyber threat.” The same ban applies to information systems from other countries, unless the agency has, according to the budget, “reviewed the supply chain risk” of the product.
The departments also need to work with the FBI or another approved federal office to determine if there is “any risk of cyber-espionage or sabotage associated with the acquisition of such systems...”
The risks include any product produced, manufactured, or assembled by an entity “identified by the United States Government as posing a cyber threat,” which includes “those that may be owned, directed, or subsidized by the People’s Republic of China.”
The concern comes with good reason. “China and Russia view themselves as strategic competitors of the United States and are the most aggressive collectors of U.S. economic information and technology,” states a February 2013 White House report on stopping the theft of U.S. trade secrets.
Cybersecurity is a complex game, and risks in the supply chain are among the more recent concerns.
The White House report states, “Integration of foreign-manufactured components into U.S. defense systems is a growing concern ...”
Pushback
China isn’t happy with the law. The same day it was signed, China’s Ministry of Commerce released a statement saying it would “have a negative effect on Chinese companies, besides harming the interests of U.S. firms.”
“The U.S. side should correct its mistaken ways,” states the release, according to China’s state-run newspaper Global Times.
When similar provisions were included in last year’s budget, an open letter opposing some of the provisions was released by 11 organizations including The Software Alliance, Emergency Committee for American Trade, U.S. Chamber of Commerce, and others.
They wrote in the letter they were concerned that “The Chinese government may choose to retaliate against U.S.-based IT vendors by enacting a similar policy for screening IT system purchases in China.” It asked that cybersecurity policies advance security “while maintaining our companies’ innovative and competitive potential in global markets.”
There are other provisions in the new budget that forbid cooperation with China, but many are nothing new.
It includes limits on foreign access to U.S. satellite technology, which has been in place since 1999, and bans sales to China.
It also carries over a law from last year’s budget that forbids NASA and the Office of Science and Technology Policy from cooperating with China. It also bans the use of funds to host Chinese nationals, unless they can prove the visitors “pose no risk” of stealing technology or data, and the person is not known “to have direct involvement with violations of human rights.”