The latest US appropriations bill, signed into law just this week, includes a provision that is likely to further raise tensions between the country and China. The provision requires the Department of Justice, Department of Commerce, NASA, and the NSF to perform a formal assessment of risk of cyber-espionage before purchasing computer systems and other IT equipment. There is a clause in the bill that states that the assessment must specifically analyze — with the assistance of the FBI — any "such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized" by the People's Republic of China to determine if the purchase is "in the national interest of the United States." Stewart A. Baker first wrote about the provision on his blog yesterday, and Reuters published a report on the restriction earlier today.
The provision comes shortly after a spate of attacks against US media outlets and government agencies. A report from security agency Mandiant traced those incidents to a building in Shanghai housing the People's Liberation Army Unit 61398, which is involved in cyber-espionage — a claim the Chinese government has denied.
Provision is unlikely to be removed from future appropriations bills
This isn't the first time the government has voiced concerns over Chinese IT equipment: a US House Intelligence Committee report last year found that Huawei and ZTE posed a national security risk. The new provision doesn't prevent US government agencies from using equipment sourced from these companies, but it will make purchasing IT systems from them — and others like Lenovo — more difficult. It is worth noting, however, that Huawei spokesman William Plummer told Reuters that the company believes the provision "does not apply to Huawei based on the description of covered entities," though the validity of that claim is unclear.