December 17, 2021
Using a Sanctions Framework to Fix the ICTS Executive Order
At the start of the Biden administration, the president made a consequential decision to retain the Executive Order on Securing the Information and Communications Technology and Services Supply Chain, which was issued by President Trump and prohibits the import of information and communications technology and services (ICTS) from foreign adversaries. The executive order and its implementing regulations (together, the ICTS rules) are a critically important effort to prevent capable foreign cyber actors, notably China and Russia, from exploiting the open nature of the U.S. ICTS market. Notwithstanding this strong security rationale, the industry has heavily criticized the ICTS rules as overly broad and vague. To address these concerns, the Department of Commerce, the agency that leads the implementation of the ICTS rules, committed to implement a voluntary licensing process, which would allow transacting parties to apply for preapproval of their ICTS transactions. The objective of the licensing process is to provide certainty to transacting parties, allowing them to engage in nonrisky, commercially beneficial ICTS transactions without fear that the government will seek to unwind or ban the transactions in the future.
While laudable in intent, establishing a licensing regime based on the current structure of the ICTS rules is likely to fail.
This is simply a matter of numbers. According to the Commerce Department’s own assessments, up to 4.5 million firms may engage in ICTS transactions on a regular basis. Opening up a licensing process for any—or all—of these firms would likely lead to an unmanageable flood of applications, forcing the department to divert its extremely limited resources to processing licenses for ICTS transactions that may not present any genuine national security risks. The department will inevitably be pressured to narrow the scope of the ICTS rules in order to effectively manage the licensing process, which would erode the national security benefits of the rules.
To address these challenges, the Commerce Department should restructure the ICTS rules to adopt a sanctions framework by creating a new list of entities that would be prohibited from selling ICTS into the U.S. market. In other words, this could function as an ICTS sanctions list. An ICTS sanctions approach would mirror the regulatory structure of existing U.S. sanctions authorities, preserving the broad authority and discretion of the government to respond to evolving threat and technology environments. A designations process for listing sanctioned ICTS entities, along with the scope of ICTS transactions subject to a prohibition, would provide much needed certainty to the private sector. This approach avoids the need for a resource-intensive, generally available voluntary licensing process, as the ICTS designations list would provide bright line rules around which transactions are or are not prohibited.
Read the full article from Lawfare.
More from CNAS
-
Sharper: Allies and Partners
Amid intensifying geopolitical challenges, the United States is finding new ways to address security issues by cultivating and strengthening alliances and partnerships. How ca...
By Gwendolyn Nowaczyk & Charles Horn
-
Why Chinese EVs Are a Cyber Risk
Electric vehicles are becoming more popular and if you can’t afford a Tesla, a cheaper Chinese made car could be the answer. But in the United States, the Biden administration...
By Adam Tong
-
Europe’s Take on Economic Security with EU Ambassador to the U.S. Jovita Neliupšienė
Ambassador Jovita Neliupšienė, the European Union's Ambassador to the United States, joins Emily and Geoff for a wide-ranging conversation on Europe's growing role as a econom...
By Emily Kilcrease & Geoffrey Gertz
-
Biden Urges Israel Not to Attack Iran Nuclear Sites
Rachel Ziemba joins Bloomberg Television to discuss oil rising for a third day as traders watch for supply risks in the Middle East. Watch the full episode from Bloomberg Tel...
By Rachel Ziemba