From: BankInfoSecurity.com
Agencies’ IT Security Might Suffer from Act Aimed at the Chinese
A mysterious lawmaker shielded by congressional rules covertly added language into a new law that could make the purchase of IT security wares very difficult for the departments of Commerce and Justice, NASA and the National Science Foundation.
The law – the Consolidated and Further Continuing Appropriations Act of 2013, commonly known as the continuing resolution – funds federal government operations through September and was enacted by Congress and signed by President Obama last month. The law contains a number of amendments that go beyond funding the government, including one that could complicate the process to acquire IT security wares for the four federal agencies.
Simply, the added provision requires the agencies’ heads, in consultation with the FBI or another appropriate federal entity (which wasn’t identified in the legislation but presumably could include the Department of Homeland Security and National Security Agency), to conduct risk assessments on acquired technology for the remainder of the fiscal year to see if it poses a threat of cyber-espionage or sabotage.
The rider specifically mentions systems from Chinese manufacturers, which some lawmakers suspect produce computer and telecommunications equipment that can spy on IT systems at the request of the Chinese government, an allegation the manufacturers and China deny.
Grammar Matters
Though the amendment targets the Chinese, Brookings Institute Fellow Allan Friedman believes the law would cover technology manufactured anywhere, even in the United States, because of the way the legislation is worded. The reference to China in the law appears as a clause that augments the sentence establishing the assessment process. Take note of the comma appearing before the word “including” in the provision, which reads:
If the law’s intent is to safeguard government IT systems, it might have the opposite effect.
“If there is a security component that an agency desperately needs, this would make it harder to buy because now you have to go through an additional layer of certification by getting the cognizant attention of senior leadership inside the organization,” said Friedman, research director of the Center for Technology Innovation at Brookings, a think tank. “It’s one thing [for a cabinet secretary or agency director] to sign off on an acquisition; it’s another to sign off on the security of the acquisition.”
Slowing Down the Acquisition Process
Complicating the process – and perhaps threatening the security of critical information systems – is the review process by the FBI or other entity. “Once you cross boundaries like that, especially without further funding, you’re adding workload [and] you’re making it work much more slowly,” Friedman said.