In the drafting of the FY 2019 Omnibus legislative bill, Congressional leaders addressed issues ranging from the basic funding of the federal government to defense measures. One of these inclusions, centered upon the purchasing and adaptation of foreign technology into government networks, made clear the position of lawmakers on the use of technology procured from foreign adversaries in government networks.
Referenced in Section 514 of the Omnibus legislation, the following language outlines how the U.S. government will not authorize funding for information systems at several government agencies unless these agencies:
- “(3) in consultation with the FBI or other appropriate Federal entity, conducted an assessment of any risk of cyber-espionage or sabotage associated with the acquisition of such system, including any risk associated with such system being produced, manufactured, or assembled by one or more entities identified by the United States Government as posing a cyber-threat, including but not limited to, those that may be owned, directed, or subsidized by the People’s Republic of China, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, or the Russian Federation.”
This language shows that lawmakers are beginning to grasp the detriment these devices can cause in government networks, citing both the supply-chain and implementation dangers associated with foreign technology. In the wake of the DoD IG Report citing the continued purchasing of compromised technology by American defense employees, these actions become even more unacceptable as Congress had already enacted legislation to target and eliminate compromised technology from American networks.
As lawmakers move forward in addressing the persistent threat presented by the use of adversarial technology in American networks, it is imperative they look past companies like Huawei and instead focus on eliminating the whole of threats from American networks. The vulnerabilities stemming from the use of compromised technology is too great to ignore, and swapping a Huawei router will do little to mitigate risk if employees are still using Lexmark printers, Lenovo laptops and other compromised equipment manufactured by state owned, directed or subsidized companies.