In its effort to track current legislative and regulatory initiatives of significant relevance to the standardization community, the American National Standards Institute (ANSI) encourages stakeholders to submit feedback to a U.S. Department of Commerce's (DOC) request for comments on the implementation of Executive Order 13873, Securing the Information and Communications Technology and Services (ICTS) Supply Chain. Submit comments on or before December 27, 2019.
According to the proposed rule document, issued in the November 27 Federal Register, the ICTS supply chain has become increasingly vulnerable to exploitation and is an attractive target for espionage, sabotage, and foreign interference activity. ICTS that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary augment potential adversaries' ability to create or exploit vulnerabilities in ICTS to potentially catastrophic effect.
About Executive Order 13873
The President issued EO 13873 on May 15, 2019, pursuant to statutory authorities, including the International Emergency Economic Powers Act and the National Emergencies Act, in light of the finding that foreign adversaries are increasingly exploiting ICTS to commit cyber actions, including economic and industrial espionage against the United States. The EO gives the Secretary of Commerce, in consultation with other relevant Federal agencies, authority to prohibit or mitigate transactions initiated, pending, or completed after May 15, 2019, that involve ICTS designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary, if such transactions pose: an undue risk of sabotage or subversion ICTS in the United States; an undue risk of catastrophic effects on the security and resiliency of critical infrastructure or the digital economy in the United States; or an unacceptable risk to national security or to the security and safety of U.S. persons.
The proposed rule sets out the procedures the Secretary of Commerce plans to use to identify, assess, and address ICTS transactions that pose an undue risk to ICTS in the United States, to the critical infrastructure or the digital economy in the United States, or an unacceptable risk to national security or to the security and safety of U.S. persons. The document does not identify specific technologies or companies as targets. The public has a 30-day period to submit comments.
Read more in the November 27 Federal Register Notice.