In the wake of the biggest distributed denial of service attack in history, Congress quietly added a new cyber-espionage review process for U.S. government technology purchases into the spending law signed by President Barack Obama this week. Reuters recently reported that a provision in the 240-page spending law requires NASA and the Justice and Commerce Departments "to make a formal assessment of 'cyber-espionage or sabotage' risk in consultation with law enforcement authorities when considering buying information technology systems." The assessment must include "any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized" by China. From the bill: SEC. 516. (a) None of the funds appropriated or otherwise made available under this Act may be used by the Departments of Commerce and Justice, the National Aeronautics and Space Administration, or the National Science Foundation to acquire an information technology system unless the head of the entity involved, in consultation with the Federal Bureau of Investigation or other appropriate Federal entity, has made an assessment of any associated risk of cyber-espionage or sabotage associated with the acquisition of such system, including any risk associated with system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.

(b) None of the funds appropriated or otherwise made available under this Act may be used to acquire an information technology system described in an assessment required by subsection (a) and produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China unless the head of the assessing entity described in subsection (a) determines, and reports that determination to the Committees on Appropriations of the House of Representatives and the Senate, that the acquisition of such system is in the national interest of the United States.

Stewart Baker, in a blog post for the Volokh Conspiracy, notes the provision "restricts purchases from Chinese-government-influenced entities, no matter where those entities manufacture their products." Interestingly, the bill "could prevent purchases of Lenovo computers manufactured in Germany or Huawei handsets designed in Britain."

Ultimately, it appears that the U.S. remains concerned about Chinese cyber attacks. In October 2012, the New York Times reported that a House Intelligence Committee report concluded that two of China's largest telecommunications companies, Huawei Technologies and ZTE Inc., had stolen intellectual property from American companies and had the capability to spy on Americans. Huwaei and ZTE have been heavily subsidized by the Chinese government. According to the report, by allowing certain Chinese companies to do business in the United States, the Chinese government could easily intercept communications and initiate online attacks on critical U.S. infrastructure, including dams and power grids.

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm located in Dallas, TX.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution.  Additional information about the IP law firm and its IP law attorneys may be found at www.klemchuk.com.

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.