Today President Biden issued an Executive Order (“EO”) with respect to the threat posed to the United States’ information and communications technology and services (“ICTS”) supply chain. The EO “directs the use of a criteria-based decision framework and rigorous, evidence-based analysis to address the risks posed by ICTS transactions involving software applications that are designed, developed, manufactured, or supplied by persons that are owned or controlled by, or subject to the jurisdiction of a foreign adversary . . . that may present an undue or unacceptable risk to the national security of the United States and the American people.”
As summarized in a press release accompanying the EO, it:
- Enables the U.S. to take strong steps to protect Americans’ sensitive data;
- Provides criteria for identifying software applications that may pose unacceptable risk; and
- Develops further options to protect sensitive personal data and address the potential threat from certain connected software applications.
A copy of the EO is available here EO PROTECTING AMERICANS’ SENSITIVE DATA FROM FOREIGN ADVERSARIES (003).
CPW has recently covered the intersection of cybersecurity and the supply chain, including at our webinar focused on the Colonial Pipeline hack and a putative class action that was filed in federal court in Georgia against the owners of the Colonial Pipeline. This is a rapidly developing area-for more on this in the near future, stay tuned.