US President Joe Biden has signed an executive order that incorporates five additional national security factors that the Committee on Foreign Investment in the United States (CFIUS) must consider when reviewing certain investments. The five new factors include potential effects on critical supply chains; potential threats to US technological leadership in areas related to national security; investment trends that could pose a threat to national security; cybersecurity risks; and risks to US persons’ sensitive data.
- This emphasizes best practices the CFIUS was already performing, augmenting practices already set out in the CFIUS statute. While framed as illustrative, it’d be best to incorporate them as an SOP as having a written standard reduces the likelihood of future committee members not being aware of what is required. This is the first formal instruction on risks to consider since the committee was established in 1975. Standards or best practices should be reviewed regularly to ensure they keep pace with the emerging threat landscape. Even so, care must be taken not to neglect prior threats which, while not active or current techniques, are still viable.
- This is an interesting development as it highlights that in order for us to make a more secure world we cannot rely solely on technical solutions. Yes, technical solutions are important but so too is legislation and regulations, such as this and the EU Cyber Resilience Act (as outlined in this issue of NewsBites), in order to motivate significant change in those the produce cybersecurity solutions and those that purchase them.
Read more in
- Biden adds cyber, data, supply chain risks to CFIUS reviews
- Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States
- FACT SHEET: President Biden Signs Executive Order to Ensure Robust Reviews of Evolving National Security Risks by the Committee on Foreign Investment in the United States