The US government is to introduce a "cyber espionage review" process into future purchases of IT after the measures were passed in a new funding law signed this week by President Obama.
It follows reports in the press since the beginning of the year highlighting the cyber-warfare capabilities of China's People's Liberation Army, and a report by security consultants Mandiant for the New York Times pinpointing a particular office complex in Beijing from which sophisticated cyber attacks were claimed to have been launched.
Further reading
China happy to talk to US about cyber security E-procurement and cloud form centrepiece of government's green IT strategy China refutes hacking claims, points finger at US £4bn Government Procurement Service IT framework contract finally awarded Government to speed up ICT procurement by 40 per cent
A provision in the 500+ page spending law requires government purchasers to formally assess hardware and software for "cyber-espionage or sabotage" risk in consultation with the state security agencies when considering buying IT.
The law specifically names China, and also stipulates that the assessment must include "any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidised".
The US imports just under $130bn of high-tech products from China, according to the Congressional Research Service.
However, a Chinese foreign ministry spokesman accused the US of practising discrimination and urged the government to abandon the law.
"This bill uses internet security as an excuse to take discriminatory steps against Chinese companies. It is not beneficial to mutual trust between China and the US, nor to the development of trade and economic relations," he said.
The new laws were highlighted by lawyer Stewart Baker, a partner at law firm Steptoe & Johnson and a former assistant secretary in the US Department of Homeland Security, in his blog:
"The sanctions provision bars federal government purchases of IT equipment 'produced, manufactured or assembled' by entities 'owned, directed, or subsidised by the People's Republic of China' unless the head of the purchasing agency consults with the FBI and determines that the purchase is 'in the national interest of the United States'."
Baker added that the measures could hit PC maker Lenovo particularly hard. Many US companies, meanwhile, such as Cisco, also manufacture a lot of their hardware in China.
Lenovo told Reuters that it was aware of the bill and reviewing its wording. "Depending on how the language is interpreted, it could in fact apply very broadly to many companies across the IT industry from all around the world," Lenovo said in a statement issued to Reuters.
It added: "We are very confident and comfortable that we will continue to be very successful in growing our business in the US even as we and all of our competitors navigate new regulations."
However, it is unclear whether it will target just Chinese companies or goods made by Chinese companies - regardless of whether it is manufactured in China or elsewhere. That could affect Lenovo computer equipment made in Germany or Huawei hardware designed or assembled in the UK. It could therefore draw complaints and retaliatory action from countries other than China.
But Baker warned that once such provisions are inserted into US "appropriations bills" they tend to remain there. Often, he added, the measures get beefed up over time.
