After the midterm elections tomorrow, Congress is expected to act on the closest thing to cybersecurity legislation it can pass without running into gridlock.
The National Defense Authorization Act, an annual must-pass package, typically includes several items intended to shore up federal computer systems. For the most part, the bill sidesteps the divisive issues, such as the regulation of private networks and domestic cyberspying.
This year, the House version of the bill would prejudice computer systems proposed for federal contracts that contain components from “a company suspected of being influenced by a foreign country, or a suspected affiliate of such a company.”
It also would disfavor contractors located near military facilities whose own private, internal networks contain such parts.
Vendors are warning lawmakers the mandate could equate to a ban on U.S. multinational companies and an invitation for the U.S. government to surveil their private communications.
“We don’t know if they are after Huawei or who they are after,” Pamela Walker, senior director for homeland security with the IT Industry Council, said on Monday, referring to the Chinese telecom giant accused of cyber espionage. “What were they trying to solve with this language?”
The measure “could sweep into the bill’s scope a whole range of multinational companies — including U.S.-based ones — who have R&D, manufacturing and sales activities all over the world, and often related relationships with various governments,” council officials stated in recommendations submitted to Congress last month. “The economic impact from the exclusion of any one reasonably sized innovative commercial IT or telecommunications company under such conditions could easily have an impact in the hundreds of millions and cost countless jobs.”