In President Donald Trump’s recent executive order on Securing the Information and Communications Technology and Services Supply Chain, he referred to adversarial cyber threats on U.S. IT as a national emergency, and ordered certain actions to counter and mitigate these threats.
Two specific threats were referenced: the first are those from foreign adversaries creating and exploiting vulnerabilities in information and communication technology services that hold sensitive information, facilitate digital economy, and support critical infrastructure and emergency services — with the malicious cyber intent of economic and industrial espionage.
The second are threats from the country’s unrestricted purchasing and use of information and communication technologies and services designed, developed, manufactured or supplied by entities owned or controlled by foreign adversaries. According to Trump, this increases the ability of those adversaries to create vulnerabilities in the technology with “potentially catastrophic effects.”
These threats, Trump says, are to U.S. national security, foreign policy and economy.
“Although neither China nor Huawei is mentioned in the executive order, each is clear the target of this decision,” said Norman Roule, former CIA officer of 34 years managing numerous intelligence community programs at home and abroad. “The order shows that the Trump administration has come to the overdue decision to protect America’s infrastructure.”
And while the executive order recognizes that having an open investment climate in these technologies is important for growth, it emphasizes balance for protection and orders a number of steps be taken to achieve that balance.
“Dozens of U.S. companies will be affected by this decision, but the national security imperative outweighs commercial and economic concerns,” Roule added.
The executive order bans the acquisition, importation, transfer, installation or use of information and communications technology or service where the transaction involving those technologies were designed, developed or manufactured by a foreign adversary.
That includes if the transaction poses a risk of sabotage to the integrity, production, distribution and operation of those technologies and services in the U.S.; presents a risk of catastrophic effects on security or resiliency of U.S. critical infrastructure or digital economy; or poses a risk to national security of the U.S. and its citizens.
These transactional risks are to be determined by the secretaries of Commerce, Treasury, State, Defense and Homeland Security, the attorney general, the U.S. trade representative, the director of national intelligence, the administrator of General Services Administration, and the chairman of the Federal Communications Commission, among heads of other agencies.
But the work shouldn’t stop here, according to Roule.
“We now need to work with European and Gulf partners to protect American interests from their decisions relating to Chinese technology,” he said. “This will not be easy. For some, China’s rock-bottom prices will prove a tremendous lure. For others, the national security imperative is a lower priority. Finally, the administration and Congress need to urgently undertake tangible measures to accelerate our investment in 5G and 6G technologies to offer U.S. and partner nation firms alternatives now and in the future.”
Specific foreign adversarial countries and persons weren’t detailed in the executive order, but Trump said any rules and regulations following the order may determine them. And as for the DNI, he ordered to continue assessing threats to the U.S. from information and communications technology manufactured by foreign adversaries, and to provide periodic written assessments of the threats to himself and relevant agency heads.
Related: Trump’s Cyber Workforce Executive Order Aims to Bolster Training and Talent Pool Nationwide