Trump signs order to restrict foreign use of cloud companies

Washington

ON his last full day in office, US President Donald Trump signed an executive order the White House said was aimed at preventing foreign malicious cyber actors from using US online infrastructure to carry out their activities.

The order, which provides the Commerce Department with the authority to impose record-keeping obligations on foreign transactions, is viewed as a response to the recent hacking campaign that infected software from SolarWinds Corp and targeted organisations including government agencies.

"Foreign malicious cyber actors threaten our economy and national security through the theft of intellectual property and sensitive data, and by targeting United States critical infrastructure," National Security Adviser Robert O'Brien said in a statement.

He said abuse of American infrastructure service products - such as those offered by cloud outfits like Amazon Web Services and Microsoft Azure - had "played a role in every cyber incident during the last four years, including the actions resulting in the penetrations of United States firms FireEye and Solar Winds".

It was a "much-needed step, unfortunately it takes a significant and public compromise like the SolarWinds breach into US government infrastructure to drive change like this," said Jon DiMaggio, chief security strategist at Analyst1, a cyber-threat analysis firm in Reston, Virginia.

"It certainly isn't the first time supply chain attacks have happened, nor is it the first time the US government has been aware of the problem. It's about time we started looking past the vendor cost to determine what technology we allow to support critical government infrastructure," he added.

The order allows the Commerce Department to block American infrastructure firms from operating in countries where those products are used for malicious cyber activity, either by individuals or if the country's own government is a source of that activity.

The order also grants powers to ban or impose conditions on foreigners opening or maintaining accounts with American firms within the US if they are found to be involved in malicious cyber activity.

The Commerce Department is tasked with proposing regulations within six months of the order being issued, but it isn't clear that the incoming administration led by Joe Biden will implement it.

"I could see them adding a comment period or something from the impacted companies," said Alex Stamos, a Stanford University professor helping SolarWinds' recovery efforts after its breach, who had served as chief security officer at Facebook until 2018. Mr Biden "might just wholesale wipe out every executive order too."

In December, Austin, Texas-based SolarWinds found itself at the centre of the largest cybersecurity attack in recent memory. Suspected Russian hackers breached the internal networks of at least 200 customers, including US government agencies and an as-yet-unknown number of private companies, a cybersecurity firm and people familiar with the investigation told Bloomberg News.

In an operation that cybersecurity experts have described as exceedingly sophisticated and hard to detect, the hackers installed malicious code in updates to SolarWinds' widely used Orion software, which was sent to as many as 18,000 customers. BLOOMBERG