Cyber-espionage protections in HR933Posted: March 29, 2013
Someone snuck some pretty serious restrictions on government purchases of IT from Chinese-owned companies into the recently-approved continuing resolution. (Specifically: HR933, Division B, Title V, Sec. 516.)
Sec. 516. (a) None of the funds appropriated or otherwise made available under this Act may be used by the Departments of Commerce and Justice, the National Aeronautics and Space Administration, or the National Science Foundation to acquire an information technology system unless the head of the entity involved, in consultation with the Federal Bureau of Investigation or other appropriate Federal entity, has made an assessment of any associated risk of cyber-espionage or sabotage associated with the acquisition of such system, including any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.
(b) None of the funds appropriated or otherwise made available under this Act may be used to acquire an information technology system described in an assessment required by subsection (a) and produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China unless the head of the assessing entity described in subsection (a) determines, and reports that determination to the Committees on Appropriations of the House of Representatives and the Senate, that the acquisition of such system is in the national interest of the United States.
My questions: Why does this only apply to Commerce, Justice, NASA, and NSF? What will the real impact be? Does this only apply to big-A Acquisition programs, or will it impact procurement?
I’m surprised this hasn’t gotten more publicity. I’m going to be very interested to follow how these restrictions are implemented.