All companies and truckers working in business with the federal government, through a provision in Section 889 of the 2019 fiscal defense authorization bill, must purge all implemented technology systems made by five specific Chinese technology providers that have recently been prohibited.
These five Chinese tech companies–Dahua Technology, Hikvision, Huawei Technologies Co., Hytera, and ZTE Corp., were found to be potential U.S. intelligence and defense agency information system hackers.
A majority of federal government-collaborating companies have been doing what they can to remove this technology from their fleets, but there has been a plethora of difficulties in accurately identifying the 300 different subsidiaries and affiliates of these Chinese companies that were originally identified by one particular data security branch.
The items that need immediate removal include: cell phones, computers, GPS products, cameras, computer routes, and other onboard truck technologies, and companies which don’t comply with the purge requirement may lose their government contracts.
“Part of the problem is that it’s not always crystal clear exactly what to do, or what products you have to avoid in order to be compliant,” noted a Scopelitis, Garvin, Light, Hanson & Feary P.C. transportation regulatory specialist.
Because identifying all particular aspects of technology needing purging isn’t as easy as it should be, trucking companies have had to use their own discernment to the best of their abilities.
“So, it becomes partly a matter of judgment,” the specialist continued. “It’s plain to say that carriers doing business with the government that I have spoken to have all taken substantial efforts to be in compliance.”
Indeed, industry executives have been working together to find the best ways to find the subsidiaries and affiliates of these Chinese technology companies, and the obstacles of such efforts were even recently discussed during a May freight conference, according to first vice chairman of ATA’s Government Freight Conference and president of Bennett Motor Express, Charles Phillips.
“It would be nice to have a government repository that would allow motor carriers to go into and see all the subsidiaries and other companies that carriers can’t buy from,” explained Phillips, who also noted that the current regulation does not explicitly outline the Chinese companies’ subsidiaries. “We talked about pursuing the government for a repository. It’s on our docket to work toward [this].”
In relation to the five Chinese companies, agentless device security platform Armis was able to find 291 specific affiliates when the regulation first came into effect.
“The release of the Federal Acquisition Regulation Ban 889 has impacted many organizations, gaining visibility at the board level,” said Armis in a statement. The company also explained that when the ban was first released, it identified two particularly pressing problems: How would trucking companies be able to efficiently find the devices affected by the mandate, and what was the best way of complying with the government’s request while also not hurting their business models and customer service capabilities?
“The biggest issue has been one of identification of devices across the entire enterprise, and this does include devices manufactured by the subsidiaries as well,” added Susan Torrey, a spokeswoman for Armis. “We at Armis performed a deeper analysis to gain a better understanding of the five vendors and also identified 291 subsidiaries as part of that research.”
It was also important to Armis to find ways of staying in communication about these efforts with their customers as much as possible.
“[Our analysis] includes having risk factors that can identify the specific manufacturers flagged by the U.S. government and alerting customers to their presence, so they can take appropriate action to remediate and demonstrate compliance,” said Torrey.
According to the National Defense Transportation Association, this regulation comes from the 2019 Worldwide Threat Assessment of the Intelligence Community and the U.S. National Counterintelligence and Security Center.
“Chinese intelligence and security services may use Chinese information technology firms and their equipment as routine and systemic espionage platforms,” said the association on its website. “The increasing reliance on foreign-owned or controlled equipment and services, and reliance on those that present national security concerns, creates vulnerabilities in U.S. supply chains.”