Cyber Cafe: Prohibited Telecommunications Equipment

Have you surveyed your IT assets lately?

The government prohibition on the use of “covered telecommunications equipment or services”, namely equipment from Huawei or ZTE and video surveillance and telecommunications equipment by Hytera, Hangzhou Hikvision or Dahua, has a lot of companies looking at routers,  and wondering how this applies to their government contracts.

Section 889(a)(1)(A) of the National Defense Authorization Act of 2019 prohibits the government from procuring covered telecommunications services. Part A applies only to what you provides to the government under a contract and is a flow down.

Section 889(a)(1)(B) of the same act prohibits the government from contracting with a company that uses any of the covered telecom services. This rule is still an interim rule effective August 13, 2020. Public comments are still being accepted until mid-October. This part of the rule currently does NOT flow down.

FAR 52.204-24: Representation. You must represent to the government that your company will or will not provide covered telecom equipment or services and you must conduct a reasonable inquiry of your company’s devices to determine if the company uses covered telecom equipment.

If you are a company with international offices, or for example you provide video surveillance to a base or government facility, you need to fully understand these rules and the applicability to your infrastructure and contracts you may have with the government. Not only that, you should understand how and what you are representing to the government.

FAR 52.204-25: Prohibition. This clause provides some definitions for critical technology, backhaul, covered foreign country, and covered telecommunications equipment or services and specifically references Part A and B as described above.

Hilary and I will be talking about all this, including a breakdown of the definitions, what you need to do next and more in the Troutman Pepper Cyber Cafe Series on September 15, 2020 at 8:30am.

Register here for the next Cyber Cafe.

Heather Engel is a strategic advisor to government and industry clients on risk management, cyber planning, and security program development; and is an author and a keynote speaker at industry events around the country. She is the founder and Managing Partner at Strategic Cyber Partners, LLC and a recognized subject matter expert in NIST frameworks, FedRAMP, and Payment Card Industry security standards. She has over 18 years of experience in information technology and security and is experienced in both the private and government sectors. Ms. Engel graduated from the Pennsylvania State University and holds a Master of Business Administration from Florida Institute of Technology. She is a governor-appointed member of the Board of Directors of the Virginia Economic Development Partnership, where she chairs the Legislative and Policy Committee. Volunteer work includes Mary Baldwin University’s Cyber Security Program Advisory Committee and the Coastal Virginia CCI Leadership Council as subject matter expert on cybersecurity. She is also a member of the CIVIC Leadership Institute Class of 2020.