When the U.S. Government Declares Companies Cyber-Insecure, We Should All Pay Attention
The U.S. Government is increasingly taking the initiative to alert companies to the cybersecurity risks of certain foreign corporations. Whether by issuing binding directives on agencies, passing laws or promulgating regulations that include prohibitions on the use of these companies’ products – including by government contractors, the Government is becoming less reluctant to interfere in the private market in favor of warning American companies of the cybersecurity dangers out there.
As we have mentioned in two prior posts, the Administration began this initiative some time ago. As we discuss in a longer post, the 2019 National Defense Authorization Act imposes new restrictions on procurements for certain telecommunications equipment or services from certain Chinese companies, including Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.
Putting it Into Practice: Lawyers and cybersecurity professionals should continue to pay attention to the Government’s various statements and prohibitions about foreign companies and their risks to cybersecurity. Government contractors should study the NDAA’s provisions. The Government does not take these steps lightly, and it carries great weight. It not only affects the standards that companies are held to; it sometimes outright prohibits the use of certain companies’ products. And there is more to come: Reportedly, President Trump will soon issue a new Executive Order on this subject.