WASHINGTON — The United States has taken its first real swipe at China after accusations that the Beijing government is behind a widespread and systemic hacking campaign targeting U.S. businesses.
Buried in a spending bill signed by President Barack Obama on Tuesday is a provision that effectively bars much of the federal government from buying information technology made by companies linked to the Chinese government.
It's unclear what impact the legislation will have or whether it will turn out to be symbolic. The provision affects only certain nondefense government agency budgets between now and Sept. 30, when the fiscal year ends.
Still, the rule could pave the way for broader, more permanent changes in how the U.S. government buys technology.
"This is a change of direction," said Stuart Baker, a former senior official at the Homeland Security Department. "My guess is we're going to keep going in this direction for a while."
In March, the U.S. computer security firm Mandiant released details on what it said was an aggressive hacking campaign on U.S. businesses by a Chinese military unit. Since then, Treasury Secretary Jacob Lew has used high-level meetings with Beijing officials to press the matter. Beijing has denied the allegations.
Congressional leaders have promised to push legislation that would make it easier for the industry to share threat data with the government. But those efforts have been bogged down amid concerns that too much of U.S. citizens' private information could end up in the hands of the federal government.
As Congress and privacy advocates debate a way ahead, lawmakers tucked "Section 516" into the latest budget resolution, which enables the government to pay for day-to-day operations for the rest of the fiscal year. The provision specifically prohibits the Commerce and Justice departments, NASA and the National Science Foundation from buying an information technology system that is "produced, manufactured or assembled" by any entity that is "owned, operated or subsidized" by the People's Republic of China.
The agencies can acquire the technology only if, in consulting with the FBI, they determine that there is no risk of "cyberespionage or sabotage associated with the acquisition of the system," according to the legislation.