The US Office of National Intelligence and other national security agencies have described the risk of intrusion by the People’s Republic of China (PRC) enabled through technology like Huawei smartphones, Hikvision video cameras, and Lenovo laptops. Substantive federal policy enacted by the National Defense Authorization Act (NDAA) may restrict some products and firms from federal procurement, but these products are still widely available for consumers and enterprise and are unwittingly purchased by state governments. The Federal Communications Commission (FCC) wants to close this loophole. Its Congressional authority and mandate to do so is described among other legislation in the 2019 Secure and Trusted Networks Act which established the FCC’s “Covered List” and the roadmap for adding entities which pose an unacceptable risk to national security.
Under section 889 of the NDAA, contractors to the US military must ensure that they do not deliver products or services containing restricted items. However, such a rule could be circumvented by changing the label on a restricted product, as Sepio depicts in a video. Sepio provides hardware access control solutions with fingerprinting technology and machine learning to give organizations visibility into their hardware assets, whether connected as a computer peripheral or network device. It then triggers an alert if any of the enterprise’s assets are acting abnormally or are identified as rogue devices spoofing as legitimate ones. The application administrator can enforce specific hardware usage policies, creating granular access control based on roles or device characteristics.