Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Obama’s Stopgap Spending Bill Blocks Government IT Purchases from China

On Tuesday, President Obama signed the continuing resolution that will keep the government running though the end of the fiscal year – avoiding a shutdown. However, within the resolution itself, section 516 to be exact, there is a provision to block IT purchases from China.

On Tuesday, President Obama signed the continuing resolution that will keep the government running though the end of the fiscal year – avoiding a shutdown. However, within the resolution itself, section 516 to be exact, there is a provision to block IT purchases from China.

According to section 516 (PDF), none of the money appropriated by the continuing resolution can be used by the Department of Commerce, the Department of Justice, NASA, or the National Science Foundation to acquire IT technology unless the head of the entity involved, along with the FBI has assessed “any associated risk of cyber-espionage or sabotage associated with the acquisition of such system…” 

WhitehouseThis includes any risk associated with IT technology that was “produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.”

The only way that such a purchase can be made is if the technology is in the national interest of the U.S.

Such wording and measures only continues the administration’s stance against firms such as ZTE and Huawei. While the government has spent the last year blasting those two firms for their alleged ties to cyber-espionage and other related crimes against U.S. interests, as well as being beholden to the Chinese government first and all others second, section 516 also prevents funds from going to Lenovo – one of the world’s largest hardware vendors when it comes to laptops and other IT needs.

Last week, Mandiant’s Kevin Mandia told a hearing of the Senate Armed Services Committee that China has placed a large investment in cyber-espionage operations.

“It would take thousands of people, thousands of systems… the mere infrastructure alone, and the time, and duration and scope of this effort to steal our secrets has gone on for so long that there’s a large amount of investment in it,” he said.

Earlier this month, China’s Foreign Minister, Yang Jiechi, said that talk of China being on a hacking spree targeting international governments and high-value targets is built on shaky ground, adding that anyone “who tries to fabricate or piece together a sensational story to serve a political motive will not be able to blacken the name of others nor whitewash themselves.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Vulnerabilities

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.