During a speech to the Asia Society on March 11, 2013, National Security Advisor Tom Donilon took China to task for suspected acts of cyber-espionage, arguing that Chinese state-sponsored attacks pose risks “to international trade, to the reputation of Chinese industry and to our overall relations.” Over the past decade suspected Chinese cyber attacks have been launched at targets ranging from the New York Times to the Department of Homeland Security. Although the United States and China have often traded heated words regarding the use of cyber-espionage, in recent days, rhetoric has turned into action.
On March 26, President Obama signed into law H.R.933, the Consolidated and Further Continuing Appropriations Act, to prevent a government shutdown. Although the provision went largely unnoticed in the immediate aftermath of the Act’s passage, it has drawn increasing scrutiny in recent days. Section 516 is unique insofar as it is one of the first laws to specifically target the sale of Chinese produced information technology products to U.S. departmental agencies. Also, it seems to be one of the first concrete steps taken by the Obama administration to address a critically vulnerable area, cyber-security. However, the efficacy of the provision in protecting American cyber-security is dubious, and the motivations behind the inclusion of the provision more so.
First, and perhaps most importantly, the provision barely addresses American cyber-security vulnerabilities. Second, the provision is largely an empty gesture. The Obama Administration could easily decide that an “information technology ‘system’ is created whenever an English-language manual is shrink-wrapped to a Chinese-sourced router. As long as the shrink-wrapping is done by an American contractor, the newly minted “system” might fall outside the scope of the law.” Third, the measure will likely do nothing to stop the steady stream of Chinese cyber-attacks but could do a great deal of economic harm to Chinese companies such as Lenovo, which provides information technology services to the United States military and NASA. Indeed, a staggering amount which Section 516 will undoubtedly affect. Moreover, American companies may also be inadvertently barred from selling their information technology products by Section 516 if their suppliers are directed or subsidized by the Chinese government. Although Section 516 is a concrete step in addressing the basic issue of Chinese cyber-espionage, ultimately, this provision seems destined to offer little towards an actual solution to American cyber-security vulnerabilities.