At a glance.
- Critics warn US Bureau of Industry and Security is not equipped to block US tech exports to China.
- National Counterintelligence and Security Center under scrutiny for operational issues.
- Addressing the Cyberspace Solarium Commission’s remaining recommendations.
Critics warn US Bureau of Industry and Security is not equipped to block US tech exports to China.
Experts are worried that the US Bureau of Industry and Security (BIS) – the arm of the Commerce Department charged with approving sensitive US technology exports – doesn’t have the intelligence resources necessary to understand the full impact of selling advanced US tech equipment and software to China. Derek Scissors, a senior fellow at Washington, DC think tank the American Enterprise Institute, told CyberScoop, “They could use better intelligence, there’s no doubt about it. They have not made the transition to China being a national security problem.” As former BIS chief Nazak testified in June during a Senate Intelligence Committee hearing, “The weaker our industries become — semiconductors, telecommunications, critical minerals and rare earth elements, high-capacity batteries, and pharmaceuticals and medical equipment — the more our national security is at risk.”
In order to reduce American reliance on Chinese-made semiconductor chips, the Biden administration recently allotted $50 billion to support US chip manufacturing, and the White House has plans to broaden bans on US exports of semiconductors next month. But critics say the Commerce Department has neglected the issue for too long, and that BIS is a chink in its armor. Under Secretary of Commerce for Industry and Security Alan Estevez defended BIS’s efforts, stating, “As the threat environment has evolved as it relates to nation-state threats, new technologies, and an expanding array of contested domains, we are constantly working to build on those relationships, bring on additional resources, and leverage all sources of information to fulfill our critical and expanding mission.” To improve BIS’s posture, the 2023 Intelligence Authorization Act includes a provision for a pilot program to “assess the feasibility and advisability of providing intelligence derived from open source, publicly and commercially available information to the Department of Commerce to support the export control and investment screening functions of the department.” And BIS leadership has asked Congress for almost $200 million in discretionary spending and 593 new positions to bolster staffing.
National Counterintelligence and Security Center under scrutiny for operational issues.
A new study released yesterday by the US Senate Intelligence Committee indicates that the National Counterintelligence and Security Center (NCSC), in charge of coordinating US’s spy agencies’ intelligence efforts, is lacking a clear mission and adequate authority. As concerns about foreign disinformation and interference in US elections grow, the report warns that efforts to prevent China, Russia, and other adversaries from nabbing national secrets are being slowed by miscommunication, inadequate staffing, and a lack of funding at NCSC. As AP News explains, the Center is an arm of the Office of the Director of National Intelligence (ODNI), established in 2004 to coordinate priorities and improve information sharing across the eighteen members of the US intelligence community. According to the report, NCSC’s work is hampered by bureaucracy, hiring issues, a lack of authority, and the fact that President Joe Biden has yet to nominate a director for the Center. Senator Marco Rubio, vice chairman of the US Senate Intelligence Committee, says they want to make sure intelligence agencies have “the authorities and resources necessary to effectively confront these new counterintelligence threats.” Experts are unclear on a solution, as some feel the US should have its own counterintelligence agency that would take some of the responsibilities currently handled by spy agencies like the Federal Bureau of Investigation and the Central Intelligence Agency, while others think such an agency would only add to the confusion. A spokesperson says the NCSC appreciates the report for “identifying multiple recommendations to improve NCSC’s ability to lead the counterintelligence mission.”
Addressing the Cyberspace Solarium Commission’s remaining recommendations.
A report published today says the US Cyberspace Solarium Commission (CSC) is on track to have 85% of all of its recommendations for improving the country’s cyber posture implemented, with the remaining 15% facing hurdles or “significant barriers.” More than half of its recommendations have already been implemented, and the Washington Post reports that some of the CSC’s recommendations, like creating legislative language to identify the nation’s most vulnerable computer systems, remain top priorities for Congress. Many commission recommendations could be incorporated into the National Defense Authorization Act, an annual defense policy bill scheduled to hit the Senate floor in October.
The report, published by the CSC’s nonprofit successor CSC 2.0, states, “Since the publication of the first annual assessment in August 2021, Congress and the administration have made substantial progress bolstering U.S. cyber defenses by organizing and resourcing the U.S. government, cooperating with partners and allies, and enhancing collaboration with the private sector. But the work is not done.” According to former Cyberspace Solarium Commission Executive Director Mark Montgomery, the CSC’s recommendations for improving public-private partnerships and strengthening the government’s overall cyber ecosystem – like the establishment of a National Cybersecurity Certification and Labeling Authority – have yet to come to fruition. Montgomery told CyberScoop, “We’re in the middle of the story here and we have a lot more to do. Each year as you get away from the [original] report, we will get less and less done. And the question is, do we get enough done in the next two years to make a big difference?”