Law banning staff and contractors from using Huawei and ZTE kit signed by President Trump
Mirai-friendly CCTV and DVR maker Hikvision also banned under new US government security laws
President Trump is to ban government staff and contractors from using smartphones and other devices made by Huawei and ZTE.
The ban has become law this week following the signing of the Defense Authorization Act, aka the "John S. McCain National Defense Authorization Act for Fiscal Year 2019", and will come into force over the next two years.
Specifically, the ban applies to any device or equipment used to route or view user data made by a number of Chinese companies, including Huawei and ZTE.
Other companies affected by the ban include lesser-known Hytera Communications, Hangzhou Hikvision Digital Technology Company and Dahua Technology Company, along with any company that the FBI or the Secretary of Defense "reasonably" believes has links to a foreign government.
Hikvision, perhaps intriguingly, makes security cameras and digital video recorders of the type compromised by the Mirai malware.
The law also states that employees, companies, agencies, and contractors must replace their current devices if covered by the ban. It covers technology that is a "substantial or essential component of any system". That means that some components from both companies can still be used, as long as they don't have access to user data.
In a statement, Huawei criticised the ban as a "random addition" to the Defense Authorization Act that was "ineffective, misguided, and unconstitutional". The company said that the ban would increase costs for consumers and businesses, and claimed that it failed to "identify real security risks or improve supply chain security".
It added: "We believe that the American people deserve equal access to the best possible connections and smart device options, and will keep working to make this happen."
The ban comes at a time of heightened concern over state-sponsored cyber attacks, and the belief that security flaws in communications and security products - implemented by accident or, perhaps, deliberately installed at the behest of a state authority - could be exploited either now or at some point in the future.
For ZTE, which has yet to comment on the ban, it represents a softening by the US government. An earlier version of the bill contained a total ban on US companies doing business with ZTE - a move that followed on from the seven-year supply ban instituted by the US Commerce Department, lifted following an intervention by President Trump and a new agreement negotiated by US Secretary of State for Commerce Wilbur Ross.
Huawei funds the Huawei Cyber Security Evaluation Centre (HCSEC) in the UK, overseen by an ‘oversight board' led by the National Cyber Security Centre. This was established as part of its effort to reassure buyers of its networking products and set-up after it won tenders for BT's 21st Century Network upgrade. Concerns, however, still remain.