January 26, 2020

January 24, 2020

Subscribe to Latest Legal News and Analysis

January 23, 2020

Subscribe to Latest Legal News and Analysis

Vermont CIO Aggressive Against Russian and Chinese Products

In an effort to phase out what many in the security world believe are threats to the cybersecurity posture of governmental agencies and private entities alike, John Quinn, the Chief Information Officer of the State of Vermont, recently issued a memo to all state offices requesting that they determine whether any hardware or software manufactured by Kaspersky Lab (which has been linked by the U.S. government to the Russian government), Huawei or ZTE (both of which have been accused of spying on U.S. companies for the Chinese government) is being used in any state systems.

The memo asked agencies to review whether any products of these companies were being used, and if so, to remove them immediately or phase them out of use over the next 60-90 days.

According to Quinn, “[T]he federal cybersecurity and intelligence communities have documented evidence of the concerns regarding these products or telecommunications equipment and have used several mechanisms…to block their use within the federal technology community.” As such, Quinn’s Order immediately prohibits the renewal of any contracts with these companies and the use of any of their products.

The agencies are to provide Quinn’s office with a list of where the products are being used . They will have 30 days thereafter to provide a plan to phase out the prohibited products and replace them with approved products. The plans are to be updated every month until the banned products are completely eliminated.

According to Quinn, “[W]e believe we are the first state or one of the first to issue a directive like this.” We anticipate other states will follow Vermont’s lead.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...