On May 10, per a White House Press Brief, President Biden released his "Message to the Congress on the Continuation of the National Emergency With Respect to Securing the Information and Communications Technology and Services Supply Chain."
The statement from President Biden is as follows:
Section 202(d) of the National Emergencies Act (50 U.S.C. 1622(d)) provides for the automatic termination of a national emergency unless, within 90 days prior to the anniversary date of its declaration, the President publishes in the Federal Register and transmits to the Congress a notice stating that the emergency is to continue in effect beyond the anniversary date.
In accordance with this provision, I have sent to the Federal Register for publication the enclosed notice stating that the national emergency declared in Executive Order 13873 of May 15, 2019, with respect to securing the information and communications technology and services supply chain, is to continue in effect beyond May 15, 2023.
The unrestricted acquisition or use in the United States of information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of these foreign adversaries to create and exploit vulnerabilities in information and communications technology or services, with potentially catastrophic effects.
This threat continues to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13873 with respect to securing the information and communications technology and services supply chain.
Executive Order 13873 on Securing the ICT and Services Supply Chain
As noted by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), in May 2019, President Trump issued an Executive Order on Securing the Information and Communications Technology and Services Supply Chain (E.O. 13873) "to strengthen efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services."
As stated by CISA, the E.O. sets out the procedures the Department of Commerce will use to prohibit the use or transaction of “information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary”, and that pose risk of sabotage or subversion; catastrophic effects on the nation’s critical infrastructure or digital economy; or adverse consequences to national security and public safety.
See also: FCC asks Congress for $3B more for Huawei/ZTE remove/replace program
Per information on the agency's website, CISA was directed, within 80 days of the E.O. release, “to assess and identify entities, hardware, software, and services that present vulnerabilities in the United States and that pose the greatest potential consequences to the national security of the United States” as decision support to the Department of Commerce.
In response, CISA and the government's ICT Supply Chain Risk Management (SCRM) Task Force worked with industry and government partners to: develop a standardized taxonomy of ICT elements (e.g., hardware, software, and services); perform criticality assessments on these ICT elements with appropriate stakeholder input; assess the national security risks stemming from vulnerabilities in ICT hardware, software, and services including components enabling 5G communications.
In the following video of a supply chain webinar put on by CISA held July 13, 2022, panelists from the Information Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force discussed key public-private sector policies, initiatives, and programs that are designed to advance ICT supply chain risk management resilience; examine how best to prioritize and rationalize federal cross-agency and private sector collaboration and activities utilizing a resource appropriate approach; and discuss the impacts of the COVID-19 pandemic and other recent disruptive events on the ICT supply chain and the U.S. economy.
For more news, projects, and profiles in the ICT cabling and connectivity sphere, subscribe to the CI&M newsletter and follow us on LinkedIn, Twitter, and Facebook.