The step by Congress, signed into law by the President, as pertains to the four agencies and China-related acquisitions is "an important first step," Borg concluded. "It's a first step that's long overdue."
However, it could also be a step fraught with more legal difficulty ahead, warns one attorney with long experience in national-security issues.
Stewart Baker, attorney at Washington-based law firm Steptoe & Johnson, said in his own comments on the topic that while the U.S. government's new rule "doesn't prohibit purchases of Chinese-government-influenced systems, it makes such purchases politically difficult."
He noted "China has spent years trying to curtail its own purchases of IT from outside its borders, but that won't stop it from calling the bill protectionist and claiming a violation of US WTO [World Trade Organization] obligations," though China itself has not officially signed onto WTO government procurement rules.
The Geneva-based WTO is a forum where countries, as members, establish foundational trade agreements or try to settle disputes.
Baker says since the new U.S. procurement rule concerns "Chinese-government-influenced entities, no matter where they manufacture their products," the provision "could prevent purchases of Lenovo computers manufactured in Germany, or Huawei handsets designed in Britain." These countries have joined the WTO government-procurement code, he noted. The irony is that "this means the U.S. could see WTO challenges to the provision from its own allies (unless they're so sick of Chinese hacking that they decide to emulate the new provision rather than attack it)," Baker points out.
Baker went on to say that if the U.S. government is drawn into this kind of WTO dispute, it could be a hard fight to defend its new procurement rules. The U.S. could "make a good case that attacks on the Commerce Department or the Justice Department information systems threaten national security, but it's hard to argue that the IT systems those departments buy are themselves indispensable for national security."
At any rate, Baker predicts the likelihood is there will be more to come, perhaps with the U.S. Trade Representative's (USTR) office weighing in. But any decision by the U.S. government to have waivers for IT systems falling under the new China-related procurement rules would put the President in an awkward position, he pointed out.
There could be a path taken in which a narrower definition of "Information technology system" is put forward that would spare American contractors supplying Chinese-sourced routers, for example, Baker suggested. But he added that would so clearly flout the intention of the provision, that it would raise serious political problems all around for both sides of the aisle in Congress and the Obama Administration, "which could find itself painted as an apologist for Chinese cyberespionage something it has worked hard to avoid in the past."
Sign up for CIO Asia eNewsletters.