Tech Antitrust Bill Could Expose the Cloud to Foreign Threats

By Bonnie Glick

Bonnie Glick is the inaugural director of the Krach Institute for Tech Diplomacy at Purdue and a member of its advisory board. Glick is a former IBM executive, and she served as deputy administrator of the United States Agency for International Development from 2019 to 2020.

OPINION — Within a few years, companies are expected to spend more on public cloud computing than they do on traditional information technology, as the convenience, scalability, and flexibility of the cloud make it the default for application software and other uses. But the shift to the cloud is not inevitable. It could be stopped in its tracks by legislation that would compromise the security of the cloud – perhaps even making platforms and data vulnerable to hostile foreign governments.

Congress is considering the American Innovation and Choice Online Act (AICOA) to curb what some see as the excessive power of large U.S. technology companies. More than a year after its introduction, the bill has yet to come up for a vote, in part because of numerous concerns that it would undermine U.S. tech companies against competitors in places like China where the government is not trying to weaken them.

One of the most pressing concerns about AICOA is that it would mandate that U.S. tech companies provide unvetted—and potentially nefarious—third parties with unprecedented access to their platforms and data. Hostile actors, including companies with deep ties to foreign intelligence services, then could circumvent existing security measures and gain entry to cloud infrastructures.


The antitrust bill would mandate that platforms allow vaguely defined “business users” full interoperability and access to “operating system, or hardware or software features.” By effectively nullifying the concept of “Zero Trust” architecture, this would set cybersecurity back decades. Zero Trust is fundamentally about securing hardware, software, and networks through “least access” policies. AICOA, meanwhile, would limit companies from initiating proactive security applications (like Zero Trust) in today’s ever-changing, and ever-more-threatening security landscape.

Opening hardware, software, and networks to untrusted third parties would have real-world impacts. We saw this with the hacking of SolarWinds, which allowed nefarious elements — probably Russian intelligence — to spy undetected for months on U.S. companies and government agencies. Companies, critical infrastructure networks, and even sensitive government systems remain vulnerable to cloud-enabled hackers and foreign spies.

The threat landscape is not hypothetical. U.S. government officials have repeatedly raised concerns about adversary countries like China trying to exploit U.S. networks. Earlier this year, the leadership of the FBI and the United Kingdom’s MI5 issued an unprecedented warning about China’s espionage efforts against the West, focusing on sensitive technologies and the theft of intellectual property. FBI Director Christopher Wray stated that Chinese companies either willingly or forcibly participate in Beijing’s espionage efforts and warned that U.S. companies engaging with these companies pose fundamental security risks.


Many former national security professionals have warned about the risks posed by antitrust legislation. Inside the U.S. government, many current intelligence officials are reportedly resisting political pressure to “sign off” on AICOA given their many security concerns with the bill.

Yet our elected officials overlook the risk that antitrust bills would give Chinese companies legal methods to request new avenues for access to the largest U.S. banks, energy companies, hospital systems, and even defense and intelligence agencies, including their secure cloud services.

Lawmakers must seriously consider the concerns expressed by security professionals to avoid a major threat to the U.S. cloud infrastructure. Our priority must be to improve our nation’s competitive posture vis-a-vis China, Russia, and other adversaries. The cloud can be a conduit for American innovation, economic growth, and convenience for millions – or it can be stifled by security concerns. The choice is up to Congress. 
