WASHINGTON – Today, President Donald Trump signed an Executive Order: Securing the Information and Communications Technology and Services Supply Chain, declaring that threats to the information and communications technology and services supply chain by foreign adversaries are a national emergency. The Executive Order prohibits transactions that involve information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary whenever the Secretary of Commerce determines that a transaction would pose a threat to national security, as articulated in the Executive Order.
The Secretary’s determination would be based on consultations with the Attorney General, the Secretaries of Treasury, State, Defense, and Homeland Security, the United States Trade Representative, the Director of National Intelligence, the Administrator of General Services, the chairman of the Federal Communications Commission, and the heads of other appropriate agencies. In carrying out this mission, the Department of Commerce will issue regulations within 150 days to establish procedures for reviewing such transactions.
“President Trump is acting once again to protect U.S. national security. This Executive Order addresses the threat posed by foreign adversaries to the nation’s information and communications technology and services supply chain,” said Secretary of Commerce Wilbur Ross. “Under President Trump’s leadership, Americans will be able to trust that our data and infrastructure are secure.”
Implementation and Reporting
The Secretary of Commerce, in consultation with the Secretary of State, is authorized to submit reports to Congress on the national emergency declared in the Executive Order. The Director of National Intelligence is required to produce an assessment within 40 days of the Executive Order on the risks to the United States Government, critical infrastructure, and the American people from information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary. The Secretary of Homeland Security, in coordination with sector-specific agencies and coordinating councils, must produce a written assessment within 80 days of the Order evaluating vulnerabilities in hardware, software, and services that threaten the national security of the United States. This assessment will also evaluate to what extent the hardware, software, or services are relied upon by service providers and critical infrastructure entities.
Within one year of the Executive Order, the Secretary of Commerce, in consultation as appropriate with the Secretaries of Treasury, Homeland Security, State, Defense, the Attorney General, the United States Trade Representative, the Director of National Intelligence, and the Chairman of the Federal Communications Commission must report to the President whether the actions taken are sufficient and continue as necessary to mitigate the risks identified in the Order.