The Department of Commerce has issued an interim rule for securing the Information and Communications Technology (ICTS) supply chain and Americans' data, and as part of that has identified six countries/regimes as adversarial threats to that chain.
They are the People’s Republic of China (China), the Russian Federation (Russia), the Islamic Republic of Iran (Iran), the Democratic People’s Republic of Korea (North Korea), the Republic of Cuba (Cuba), and Venezuelan politician Nicolás Maduro (Maduro Regime).
Also Read: Commerce Restricts Exports to SMIC
“Aggressively securing the ICTS supply chain will protect American citizens and businesses from vulnerabilities that could undermine the confidentiality, integrity, and availability of their personal information or sensitive data by malicious foreign adversaries and those who wish harm on the United States,” said Commerce Secretary Wilbur Ross.
In May 2019, President Trump issued an executive order that gave Ross the authority to nix certain ICTS transactions that were “designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries.”
Also Read: Commerce Expands Huawei Restrictions
The rule, which is effective 60 days from its publication in the Federal Register, "allows the Department to promulgate regulations to create the processes and procedures that the Secretary of Commerce will use to identify, assess, and address certain transactions."
Given the timing, it will be up the the Biden Commerce Department to follow through with a permanent rule if it chooses to do so.
White House officials speaking on background said the rule does not prohibit technology or ban imports. Instead, it sets up a process by which suspect tech transactions can be referred to the Secretary of Commerce, that conern investigated, and within 180 days of the referral the secretary will either block, prohibit, or mitigate that transaction.
As to the timing of the interim rule only days befor Commerce comes under new management, the officials says they expected the Biden Administration would see the need for the rule, but did not want to wait any longer to come out with the rule.
They said the rule provides a government-private sectors sharing structure for identifying sensitive technology--wireless backbone, controlling software, hardware--in sensitive sectors and making sure the supply chain is as secure as possible, similar to the Committee on Foreign Investment in the United States (CFIUS) reviews of certain transactions that involve foreign investment in U.S. companies. But if a sale--the rule does not cover investment--had already passed CFIUS review, it would not get a second vetting under the rule.
Among the tech target for review would be software that facilitates the transfer of information. Asked whether than doesn't cover basically any software, the officials said they were only talking about software used by more than 1 million people at any time during the previous 12 months.
Also targeted is tech integral to data hosting of computer services and lcoal area network (LAN) technologies.
