A group of communications technology trade groups urged Homeland Security Secretary Alejandro Mayorkas and Commerce Secretary Gina Raimondo in an April 12 letter to stick by what they called the Federal government’s “longstanding commitment” to use industry-led standards and best practices to deal with cybersecurity and supply chain security issues facing the information communications technology (ICT) sector.
The tech groups including the Telecommunications Industry Association (TIA) said the ICT sector has engaged with the Federal government to promote a “consistent approach to supply chain risk management,” including during the coronavirus pandemic, and delivered a strong pitch to allow industry to keep driving the process forward.
Industry Pitches Leading Role
“Of critical importance now is maintaining the United States’ longstanding commitment to industry-led technical standards and best practices to address cybersecurity, supply chain, and other global challenges,” the ICT trade groups said. “Such standards are a bedrock of Federal trade, technology, and security policy, so it is imperative that your respective Departments champion them.”
“The Federal government should not attempt to create its own technical demands, nor should it try to supplant private sector leadership in standards bodies,” the groups said.
“In the wake of recently revealed, widespread compromises through software vectors like SolarWinds, government and industry face a renewed call to arms to address threats from foreign adversaries,” the groups said. “The government has a vital interest in preventing suppliers that pose a national security threat from exploiting U.S. networks or undermining critical functions.”
“However, policymakers should reconsider which tools are best suited to address particular aspects of this challenge and which kinds of approaches will deliver optimal security outcomes,” the groups said.
Wary Eye on Executive Order 13873
In particular, the groups flagged President Trump’s Executive Order 13873 which declared a national emergency regarding threats to ICT technologies and services from “foreign adversaries,” and in practical effect since then has led to the government’s ban of certain network equipment made by a variety of China-based suppliers.
The tech groups said to believe that actions to protect ICT sector security “should be more tailored” than provided for in the 2019 White House order.
“In the long term, the nation is best served by pragmatic approaches that are designed to address specific risks,” the trade groups said. “Critically, the United States should prioritize and champion industry-led standards and best practices that raise the bar for security across the ecosystem, increasing the cost of supply chain attacks for bad actors, and encouraging forward-thinking security risk management.”
The tech groups also recommended that the Commerce Department – in rulemakings that implement the 2019 White House order – should look to the existing ICT Supply Chain Risk Management Task Force led by DHS and the private sector for guidance.
The task force, the tech groups said, should be leveraged by the Commerce Department as “the key mechanism for public-private collaboration.”