FOR IMMEDIATE RELEASE |
BIS Announces Appointment Of Elizabeth “Liz” Cannon As Executive Director Of Office Of Information And Communications Technology And Services
WASHINGTON, DC. -- The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) announced today that Elizabeth “Liz” Cannon will serve as the first Executive Director of the Office of Information and Communications Technology and Services (OICTS) beginning on Monday, January 22, 2024. OICTS is responsible for implementing the Information and Communications Technology and Services (ICTS) Program for the Department of Commerce.
“Liz brings extensive national security experience from both government and the private sector,” said Under Secretary of Commerce for Industry and Security Alan Estevez. “I am thrilled about her addition to the BIS team and the leadership she will bring to OICTS.”
In this role, Liz will manage policy developments and operations or OICTS. “I feel very fortunate to be the first executive director of the ICTS program,” Liz said. “I look forward to safeguarding our nation’s information and communications systems from foreign adversaries though an open and collaborative process.
Liz joins BIS from Microsoft, where she served as Senior Corporate Counsel for Global Trade. In that capacity, she was responsible for monitoring export controls, sanctions, and other international trade and security policy issues. She also oversaw Microsoft’s the Risk Intelligence Group, which is responsible for trade-related investigations and forensics.
Liz also brings more than a decade of public service and national security experience at the Department of Justice, including five years as Deputy Chief for Export Controls and Sanctions in the National Security Division. In this role, she supervised all criminal cases involving export control and sanctions violations around the country. During her service at DOJ, she prosecuted national security cases, including espionage, economic espionage, mishandling of classified information, sanctions, cyber, and export control offenses. She has also spent time in private practice at an international law firm.
She holds a BS in Commerce from the University of Virginia and a JD from New York University School of Law.
About the Office of Information and Communications Technology and Services:
The ICTS program became a mission of BIS in 2022. OICTS is charged with implementing a series of Executive Orders (EOs) under the International Emergency Economic Powers Act (IEEPA) focused on protecting domestic information and communications systems from threats posed by foreign adversaries. The ICTS program’s authorities include:
- EO 13873, “Securing the Information and Communications Technology and Services Supply Chain” (May 15, 2019), delegated to the Secretary of Commerce broad authority to prohibit or impose mitigation measures on any ICTS Transaction subject to United States jurisdiction that poses undue or unacceptable risks to the United States.
- 15 C.F.R. Part 7, “Securing the Information and Communications Technology and Services Supply Chain,” is the implementing regulation for EO 13873 and establishes the scope of an ICTS Transaction and creates a process for reviewing ICTS Transactions the Department or other agencies (through referrals) believe may pose an undue or unacceptable risk. The Department can, on its own accord or upon referral, investigate ICTS Transactions. Ultimately, the Secretary can prohibit or mitigate ICTS Transactions if those transactions pose one of the three risks outlined in EO 13873.
- EO 13984, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (January 19, 2021), directs the Secretary of Commerce propose rules to address malicious cyber actors’ use of Infrastructure as a Service (IaaS), by proposing “know your customer” (KYC) requirements.
- EO 14034, “Protecting Americans’ Sensitive Data from Foreign Adversaries” (June 11, 2021), builds upon EO 13873 to address threats posed by connected software applications linked to foreign adversaries.
- EO 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (October 30, 2023), builds on E.O. 13984, directing the Secretary of Commerce to impose record keeping requirements on IaaS providers when transacting with a foreign person to train certain large AI models.