The Department of Commerce on Thursday issued an interim rule to secure the nation's information and communications technology and services (ICTS) supply chain, identifying China, Russia, Iran, North Korea, Cuba and Venezuela as threats.
The interim rule, which will be published soon in the Federal Register, was directed by President Trump's May 2019 Executive Order 13873 on Securing the Information and Communications Technology and Services Supply Chain (Defense Daily, May 15, 2019). The directive didn't identify specific foreign adversaries but appeared to be largely aimed at China, in particular key information technology companies such as Huawei and ZTE.
The U.S. intelligence community has warned that Chinese technology companies, many of whom make up portions of the ICTS supply chain worldwide, are subject to controls from the Chinese Communist Party and are a vehicle for espionage. U.S. companies are banned from using Huawei's equipment.
U.S. government agencies are prohibited from using cyber security products developed by Russia-based Kaspersky Labs, which is also seen as a backdoor for Russian spy agencies to access users' networks.
"Aggressively securing the ICTS supply chain will protect American citizens and businesses from vulnerabilities that could undermine the confidentiality, integrity, and availability of their personal information or sensitive data by malicious foreign adversaries and those who wish harm on the United States," Commerce Secretary Wilbur Ross said in a statement.
Once published, the rule will be effective in 60 days. The department said the rule allows it to issue regulations for it to identify, assess and address certain transactions in the ICTS space.