Members of industry involved in supply chain security efforts worry that international trade and other geopolitical concerns are muddying the security focus of their work.
Representatives from the Department of Homeland Security's Information Communications Technology Supply Chain Task Force said they hope to find a consensus set of recommendations for keeping compromised or suspect parts out of the U.S. technology supply chain that avoids singling out particular countries or companies.
However, some members of industry expressed concern when asked about the potential for retaliation against U.S. businesses by China.
In a response to a question from FCW during a June 6 webinar hosted by Inside Cybersecurity, Robert Mayer, senior vice president of cybersecurity at USTelecom and industry co-chair of the ICT Supply Chain Task Force, endorsed the national security rationale behind the task force's work as well as the Trump administration's recent supply chain executive order, which directs the Department of Commerce to develop new rules for banning information and communications technology sales.
He also acknowledged that it is almost impossible to untangle U.S. supply chain security policy from other political and economic issues at play, particularly when dealing with China.
"What's happened -- and this is very challenging for us -- is that we have conflated national security issues with economic and trade issues, with geopolitical issues, and it's very difficult to know where one of those aspects ends and another one begins," said Mayer. "So we find ourselves in this cauldron of conversation where one moment it's a national security conversation, the next moment it's a trade conversation."
While the order does not mention specific countries or companies by name, it has been widely reported that the administration hopes to use the order to stop or slow the momentum of Chinese telecommunications giant Huawei in building out 5G networks around the world. In a separate action taken the same day, Huawei was also placed on the Bureau of Industry and Security's entity list, forcing U.S. companies to apply for a special, rarely issued license in order to sell parts and materials to the company.
In a Washington Post survey of 100 cybersecurity experts, 61 said the ban against Huawei won't make the U.S. supply chain more secure, with many arguing it could wind up hurting U.S. tech companies more than Huawei.
Following the listing, Chinese officials announced they would be developing their own "unreliable entity list" for foreign companies. Beijing has also floated the possibility of cutting off U.S. firms from rare earth minerals that are used in many of tech products. China currently supplies about 80% of rare earth minerals imported to the United States.
Recent comments by President Donald Trump that the actions against Huawei could be reversed or softened as part of a broader trade deal with China have only further muddied the waters about whether the administration is viewing the situation strictly through a security lens.
John Miller, vice president of policy and senior counsel at the Information Technology Industry Council, concurred with that view. If new supply chain rules aren't structured the right way, he said, the potential for blowback is high.
"We have cautioned against, in other bills and other years on these types of issues, taking a blacklist approach and just naming countries or companies in legislation," said Miller. "And we've raised the possibility that it really opens [U.S. businesses] or anyone else up to potential retaliation and clearly that's happening now."
Bob Kolasky, director of the National Risk Management Center at DHS and co-chair of the ICT Supply Chain Task Force, acknowledged that the executive order, the actions against Huawei and larger trade tensions between the U.S. and China all bleed into their work, but said they don't change the overall objective the task force is working towards.
"At the end of the day we've been asked to evaluate…what it takes to get our supply chain more secure," said Kolasky. "I think we're doing that based on evidence and based on the best available information, making judgments and applying those judgments through a range of policy levers."
Kolasky seemingly rejected attempts at equivalence between U.S. and Chinese companies, saying he wasn't worried about Beijing targeting unreliable companies because "American companies are trustworthy."
"We have a corporate governance system in this country that allows for transparency and you know, China is going to make the decisions they do at the government level but we're going to make sure we can win on transparency," Kolasky said.