In its final weeks, the Biden administration established a complex new regulatory structure that affects potentially every American company collecting personal information. The rule is aimed at limiting foreign access—particularly access by China—to Americans’ sensitive data. With the new administration placing almost all federal regulations under scrutiny, it seemed that this rule was a prime candidate for the shredder. Instead, on April 11, President Trump’s Justice Department declared the Biden-era rule a “critical national security program.”. Where did this rare respect for the prior administration’s work come from? What does it portend for future policy directions? Answers can be found in the now decade-long effort of the U.S. government to manage the cybersecurity and geopolitical risks posed by globalized supply chains for digital data, products, and services. This article examines three defining initiatives: the banning of products and services offered by the Russia-based cybersecurity company Kaspersky, the ongoing effort to rip and replace China-made switches from the U.S. telecommunications infrastructure, and the TikTok saga. This review of recent history shows, first, that the restrictions emerging in U.S. law are based on a broad consensus across both political parties. Second, the policies have found support in all three branches of government: the executive branch, Congress, and the courts. Third, there is a certain tension between approaches that would flatly prohibit a foreign company’s products or services in the U.S. versus those approaches that allow the product or service subject to conditions aimed at mitigating national security concerns. Fourth, while some actions with regard to particular high-profile companies seem to have been taken in isolation, frameworks and fora are beginning to emerge to address these questions in a systematic way. And fifth, as a result of these developments and their likely extension, companies have to develop sophisticated policies, programs, and tools to illuminate and risk-manage their supply chains.
Cybersecurity Risk From Kaspersky to TikTok (Daniel Sutherland, Jim Dempsey – Lawfare)
Related articles
