White House Rips into Law Obama SignedProvision Makes IT Security Implementation Challenging
The White House is criticizing a provision in a new law that requires four federal agencies to identify cyber-espionage and sabotage risks newly acquired technology might pose even though President Obama signed the legislation.
The president is joining with others in expressing concern that the provision would make it much tougher for the agencies to acquire technology to secure their information systems.
The provision is found in the Consolidated and Further Continuing Appropriations Act of 2013, commonly known as the continuing resolution, that Congress enacted last month to keep the government running through the end of the fiscal year on Sept. 30 [see 'Hidden' Law Could Hamper Gov't Infosec].
White House spokeswoman Caitlin Hayden says Obama had little choice but to accept what Congress passed. "The president signed the bill to fund the government," she says.
Under the provision, the heads of the departments of Commerce and Justice, NASA and the National Science Foundation, in consultation with the FBI or another appropriate federal entity, must conduct risk assessments on acquired technology to determine if they pose a threat for cyber-espionage or sabotage. The rider expressly cites Chinese manufacturers, which some lawmakers believe produce computer and telecommunications equipment that can spy on IT systems [see House Panel: 2 Chinese Firms Pose IT Security Risks]. However, the wording of the provision suggests it would apply to any computer and telecommunications technology wares the agencies acquire, including those manufactured in the United States.
Hayden says the undefined terms of the provision will make implementation a challenge. "It could prove highly disruptive without significantly enhancing the affected agencies' cybersecurity," she says. "While the administration has raised concerns about the cyberthreats emanating from China, resolving this issue requires open dialogue between the U.S. and China [see Obama Raises IP Theft with New China Leader]. We look forward to working with Congress to review this provision as part of the fiscal year 2014 appropriations process to determine how best to address concerns about federal agency cybersecurity."
The White House isn't the only one perturbed by the provision. The Information Technology Industry Council, the lobbying arm of the IT industry, sent a letter dated April 4 to the leaders of the Senate and House, calling for the repeal of the new assessment requirements that it characterizes as "troubling and counterproductive," which could produce significant international repercussions and put American-based global IT companies at a competitive disadvantage.
"At a time when greater global cooperation and collaboration is essential to improve cybersecurity, geographic-based restrictions in any form risk undermining the advancement of global best practices and standards on cybersecurity," the council's letter says.
Arcane rules in Congress allow lawmakers to surreptitiously add amendments to legislation in an opaque process in which the provisions often escape the eye of most lawmakers and staffers reviewing the bill before passage.