Section 889 is part of the National Defense Authorization Act (Section 889 Challenges) for Fiscal Year 2019. The statute imposes new restrictions on the procurement of telecommunications equipment or services and their subsidiaries or affiliates, based on their ties to the Chinese government. In doing so, the regulation expanded the list of forbidden products for federal contractors.
The aim of Section 889 is to protect National Security from cyber-attacks carried out by foreign adversaries. The US government has, on numerous occasions, accused the Chinese government of using its telecommunications operators for pernicious purposes. Specifically, malicious activity aimed towards the US. According to Robert Bigman, “this [Section 889] was specifically [created] as a result of intelligence that the US government had” (Interview with Robert Bigman, Former CISO @CIA).
Section 889 Challenges
Section 889 of the federal government regulations imposes restrictions on the procurement and usage of specific telecommunications equipment or services. These restrictions apply to entities such as the federal government, government contractors, and grant and loan recipients. The prohibited equipment or services include those produced by Huawei, ZTE, Hytera, Hikvision, and Dahua, as well as their subsidiaries. These entities cannot use such equipment or services as a substantial or essential component of any system or as critical technology within any system.
The statue does not have an exemption for commercial item contracting. Thus the prohibition applies to all purchases regardless of the size of the contract or order.
Section 889 is Comprised of Two Parts:
| Sec. 889(a)(1)(A) (known as Part A) | Requires the federal government, as of August 13, 2019, to not “procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” |
| Sec. 889(a)(1)(B) (known as Part B) | Since August 13, 2020, the federal government is prohibited from entering into or extending or renewing contracts with any entity that “uses any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” |
Part B of the regulation has a significant impact on the government and its contractors. The statute’s language is extensive and ambiguous, making compliance challenging. According to Robert Bigman, anyone supporting contractors who serve the government must comply with these regulations. Contractors are obligated under Section 889 to annually disclose to the government whether their supplies or services involve covered telecommunications equipment or services.
Supplies and services also include products that they use, but do not own. And is not limited to geographical boundaries, meaning that the geographical location of the equipment system or service, and the geographical location of its use, is irrelevant – all covered telecommunications equipment and services fall under the regulation.
Furthermore, contractors must report to the government when covered telecommunications equipment or services are in operation during contract performance. Section 889 challenges proves to be a comprehensive regulation that aims to maintain US National Security. As the attack surface increasingly moves towards the perilous cyber realm.
See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks.
