211025 Comments EO13984 Commerce Dept FINAL
Published
October 25, 2021
October 25, 2021
Ms. Trisha B. Anderson
Deputy Assistant Secretary
Intelligence & Security
U.S. Department of Commerce
Re: EO 13984, Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities
Dear Ms. Anderson:
The U.S. Chamber of Commerce (the Chamber) appreciates the opportunity to provide the Department of Commerce (the Department) feedback on the Trump Administration’s Executive Order 13984 (EO 13984) Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities.
Our members remain committed to supporting and enhancing the national security of the U.S., which includes strengthening resilience to cyber threats posed by hostile foreign adversaries and advanced persistent threat actors. Businesses confront advanced, persistent, often state-sponsored, cyberattacks that are increasingly sophisticated. Cyberspace remains the only domain where private companies must defend themselves against nation states or their proxies. These challenges are real, and their complexity deserves thoughtful responses that blend a mix of new cybersecurity requirements with incentives to U.S. infrastructure-as-a-service (IaaS) providers. Such an approach would increase security and resilience controls commensurate with the risk and threat.
As we noted our January 27th letter to Acting Office of Management of Budget Director Robert Fairweather, the Chamber supports the goal of EO 13984. We urge the Department, however, to consider our serious concerns as it examines next steps. Specifically, we are concerned that EO 13984:
- Overlaps with Executive Order 14028.
- Falls short of its policy objectives.
- Undermines U.S. IaaS providers ability to compete globally, specifically in the European Union; and
- Disrupts ongoing data flows negotiations with the European Union.
211025 Comments EO13984 Commerce Dept FINAL
About the authors
Vincent Voci
Vice President for Cyber Policy and Operations in the Cyber, Intelligence, and Supply Chain Security Division at the U.S. Chamber of Commerce