Summaries: Commerce Section 232 and GAO Cybersecurity Framework Adoption Reports

U.S. Department of Commerce Reports on National Security Effects of Steel and Aluminum Imports

On Feb. 16, the U.S. Department of Commerce released reports on its investigations into how steel and aluminum imports impact national security, in response to a White House request. The investigations, carried out under Section 232 of the amended Trade Expansion Act of 1962, found that present quantities and circumstance of steel and aluminum imports are “weakening [U.S.] internal economy” and threaten to impair national security as defined in Section 232.

The reports maintain that steel and aluminum industries are vital to U.S. defense requirements and critical infrastructure needs, and conclude that excessive imports have adversely impacted both industries. Steel imports are currently 30 percent above the domestic demand, and aluminum imports account for nearly 90 percent of domestic consumption; meanwhile U.S. steel production has declined to 69.4 percent of production capacity, and U.S. aluminum production has declined to only 43% of production capacity. According to the reports, as excessive imports continue to take business away from domestic producers, these producers are at risk of losing the ability in times of national security crises to quickly shift production capacity from commercial products to defense and critical infrastructure production vital.

The reports recommend reducing imports to a level that enables U.S. steel and aluminum production to operate at 80 percent or more of their production capacity. It further recommends establishing global and country-specific tariffs on imported steel (24 percent tariff on all steel imports from all countries) and imported aluminum (7.7 percent tariff on all aluminum imports from all countries), in addition to imposing a worldwide quota on steel products (equal to 63 percent of each country’s 2017 steel exports to the United States) and aluminum products (equal to 86.7 percent of each country’s 2017 aluminum exports to the United States).

In a responsive memorandum, the Defense Department agreed with the conclusion that imports of foreign steel and aluminum threaten to impair national security, but expressed concern over the recommendations’ potential negative impact on key allies. Within the recommended options, the Pentagon concluded that targeted tariffs would be more preferable than a global quota or tariff, and declared it “critical” to reinforce to allies that recommended actions focus on Chinese overproduction and attempts to circumvent existing anti-dumping tariffs.

The president is required to reach a decision on the steel report’s recommendations by April 11, and on the aluminum report’s recommendations by April 19.

GAO Report on Cybersecurity Framework Adoption

The Government Accountability Office released the report “Critical Infrastructure Protection: Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption” on Feb. 15. The investigations informing this report, carried out under the Cybersecurity Enhancement Act of 2014, assessed 16 critical infrastructure sectors to measure their adoption of the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity. The NIST framework is a voluntary guidance proposing standards, guidelines and best practices to help organizations better manage and reduce cybersecurity risks, with the intent of improving the resilience and security of critical infrastructure.

GAO found that 12 of the 16 sectors—including the financial services, energy, transportation, and communications sectors—have implemented the NIST framework. However, four sectors (food and agriculture; government facilities; information technology; and defense industrial bases) reported implementation difficulties including lack of resources, lack of knowledge, and regulatory and industry inhibitions. This lack of framework implementation frustrates the goal of integrating national critical infrastructure protection and resilience activities into a single national effort.

Additionally, the report finds that none of the nine federal lead agencies, the Departments of Agriculture, Defense, Energy, Health and Human Services, Homeland Security, Transportation, and Treasury; the Environmental Protection Agency; and the General Services Administration, have comprehensively measured framework-adoption within their respective sectors. These lead agencies, referred to as sector-specific agencies (SSA), stated that the voluntary nature of the framework and the lack of available data across their respective sectors impeded their ability to collect such information.

Moving forward, GAO recommends the nine SSAs take steps to consult with sector partners to develop methods for determining the level and type of framework adoption.