Bob Kolasky
Asst. Director
CISA
DHS Exec Dismisses Huawei’s Inclusion in ICT Supply Chain Task Force
An executive from the Department of Homeland Security has dismissed the idea of including Huawei in the agency’s Information and Communications Technology Supply Chain Task Force, citing the national security risks tied with the Chinese company.
While the task force values a diverse set of opinions in its mission to strengthen government agencies’ cybersecurity, DHS officials follow a risk assessment protocol when recruiting organizations.
Bob Kolasky, assistant director for the national risk management center at Cybersecurity and Infrastructure Security Agency, noted that the risk judgment associated with Huawei makes it uncomfortable to involve the company in conversations about the country’s critical infrastructure, CyberScoop reported.
U.S. officials have been adamant that Huawei is subject to Chinese laws mandating technology firms to feed information to state security services. The Chinese company is also on the receiving end of espionage allegations and is suspected of conspiring to steal American trade secrets, among other things.
Besides its involvement with cybersecurity violations, Kolasky, a past speaker for the Potomac Officers Club, told the participants at CrowdStrike’s Fal.Con for Public Sector Conference that Huawei lacks critical infrastructure in the U.S. to warrant inclusion on the task force.
Citing the evolving threat landscape and technological advances, Joyce Carroll, assistant director for supply chain and cyber at the National Counterintelligence and Security Center, said officials have now pivoted to focusing on areas where cyber threats could make the most impact.
Since the conclusion of the Obama administration, the federal government has shifted its cybersecurity strategy from minimizing the influence of adversarial foreign countries to implementing data protection strategies aimed at mitigating damage from possible attacks on vulnerable U.S. networks.
Currently, the task force is keen on encouraging organizations to follow recognized supply chain security strategies, which involve purchasing technology from authorized resellers or original equipment manufacturers and establishing risk management procedures and clearer contractual language.
Category: Speaker News