Lawmakers Voice Concern Over Supply Chain Security for Communications Equipment
Lawmakers on both sides of the aisle agreed May 21 that more work needs to be done to secure the supply chain for communications network equipment, they said during House cybersecurity hearings. The House Communications Subcommittee said it launched a supply chain security working group this week, co-chaired by Communications Subcommittee Ranking Member Anna Eshoo, D-Calif., and House Intelligence Committee Chairman Mike Rogers, R-Mich. Last year Rogers urged the U.S. government and American companies to avoid doing business with Huawei and ZTE because of what he said are long-term security risks associated with the companies. Also participating in the working group are: Reps. Bob Latta, R-Ohio; Mike Doyle, D-Pa.; Lee Terry, R-Neb.; Ben Lujan, D-N.M.; Adam Kinzinger, R-Ill.; and Jim Matheson, D-Utah.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Communications Subcommittee Chairman Greg Walden, R-Ore., said in his opening remarks, "Supply chain risk management is essential if we are to guard against those that would compromise network equipment or exploit the software that runs over and through it."
Eshoo said supply chain security should be a "key component" of cybersecurity framework being developed by the National Institute of Science and Technology (NIST). "The implications of foreign-controlled telecommunications infrastructure companies providing equipment to the U.S. market, I think, really presents a very serious threat," she said. Rep. Doris Matsui, D-Calif., said it's "critical for industry to continue to be vigilant in ensuring their manufacturing and distribution processes are not compromised." She said lawmakers should also seek to address the security of mobile applications which she said are being used by hackers to infect consumers' cellphones with malware.
America's reliance on a global supply chain for communications equipment "introduces some degree of risk," GAO said in a report on supply chain security. "Risks include threats posed by actors such as foreign intelligence services or counterfeiters that may exploit vulnerabilities in the supply chain." Several network providers and equipment manufacturers interviewed by GAO said supply chain security is a high priority because any breaches of security could affect their brand image and profitability, according to the report released May 21 (here). -- Bryce Baschuk