Committee Approves Graves Effort to Crack Down on Surveillance and Theft by State-Owned Enterprises
Today the full U.S. House Committee on Appropriations passed a number of provisions, authored and championed by Rep. Tom Graves (R-GA-14), to crack down on foreign entities and state-owned enterprises that seek to steal data and personal information from American citizens. The provisions, included in the FY21 Commerce, Justice, Science and Related Agencies funding bill's report language and listed below, are part of Rep. Graves' work this appropriations cycle to ensure Congress is prioritizing cybersecurity policies, especially as so much of the U.S. workforce is operating remotely. Today's language was authored amidst ongoing discussions about the potential threats posed to the U.S. from companies like Huawei and TikTok.
"I've included in today's legislation language requiring the development of secure 5G networks using technology and equipment verified to be secure from foreign surveillance. It's important that in "the race to 5G' our nation remain at the forefront of innovation. But not at the expense of personal, economic and national security," Rep. Graves said in opening remarks. "While taking steps to protect our networks, we also need to make sure that the apps and platforms we download on our personal devices don't have ties to foreign governments with a history of bad actions."
Implementation of a strong, national 5G strategy
Report language: National 5G Strategy - The Committee supports the development of secure 5G networks that are developed using technology and equipment that is verified to be secure from foreign surveillance or influence. The Committee believes it is in the best interest of the national and economic security of the United States to implement a strong national 5G strategy as outlined in Public Law 116-129.
Crack down on state owned enterprises and foreign entities spying on and stealing from American citizens
Report language: Chinese-government affiliated companies. - The Committee is concerned with companies operating within the United States that are known to have substantial ties to the Chinese government, including full or partial ownership by the Chinese government, and that are required by Chinese law to assist in espionage activities, including collection of personally identifiable information of American citizens. Such companies may pose cybersecurity risks, such as vulnerabilities in their equipment, and some are the subject of ongoing Congressional and Executive Branch investigations involving their business practices. The Committee directs DOJ to enforce applicable laws and prevent the operation of known foreign entities who participate in the theft of American intellectual property, harvesting of personal identifiable information on behalf of a foreign government, and the unlawful surveillance of American citizens by adversarial state-owned enterprises.
Increase threat intelligence sharing
Report language: Cybersecurity threat information sharing. - The Committee supports sharing by DOJ of cybersecurity threat warnings and intelligence with private companies who may benefit from actionable information to deter, prevent, or mitigate threats. The Committee asks DOJ to provide a briefing on this topic not later than 90 days after enactment of this Act.
Modernize and encourage federal agencies to adopt cloud technology
Report language: Cybersecurity and Conformity Assessment Programs. - The Committee instructs NIST, in collaboration with other relevant organizations, to report to the Committee no later than 270 days after enactment of this Act on challenges and approaches to establishing and managing voluntary cybersecurity conformity assessment programs for information and communication technologies including federal cloud technology.