PerspectiveBans on Foreign Equipment in U.S. Critical Infrastructure

One executive order does not a trend make, but maybe two do. On May 1, President Trump issued an executive order banning the acquisition, importation, transfer or installation of any bulk electric power system equipment where the secretary of energy has determined, first, that the equipment was manufactured by a company controlled by—or subject to the jurisdiction of—a foreign adversary and, second, that the transaction poses an undue risk to the U.S. bulk-power system, economy or national security.

Jim Dempsey writes in Lawfare that “The order’s issuance signals that the administration’s efforts to purge from the nation’s telecommunications network any equipment made in China may represent a new approach to critical infrastructure in general.”

He adds:

Other expanded authorities aimed at reducing the foreign presence in strategically important U.S. infrastructure or services include the 2018 legislation strengthening the authority and procedures of the CFIUS, which referenced cybersecurity as an express interest of the committee’s process, and the recent chartering of Team Telecom. New rules for the CFIUS process became effective Feb. 13. Justin Sherman has commented on Team Telecom’s new assertiveness.

It seems only logical to include limits on foreign ownership and bans on foreign-made equipment within the cybersecurity toolkit of legal and policy measures, so long as policymakers and operators of critical infrastructure remember that domestically made products can be highly vulnerable to attackers too. One key question looms: Is the decoupling strategy further extensible? Are there other sectors dependent on Chinese or other foreign-made products with networked features where a cost-benefit analysis would favor a similar ban?