Senate Bill Would Create a National Supply Chain Security Center

supply chain 4 responsive default security

August 14, 2019

Citing the vital need for a secure U.S. industrial base, U.S. Senators Mike Crapo (R-Idaho) and Mark Warner (D-Virginia) have introduced bipartisan legislation to guard against attempts by China and others to undermine U.S. national security by exploiting and penetrating U.S. supply chains.

The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act (S. 2316) would develop a national strategy to assess and prevent risks to critical U.S. technologies.

It would also establish a National Supply Chain Security Center within the Office of the Director of National Intelligence to collect supply chain threat information and disseminate it to agencies with the authority to intervene; and

“Actions by the People’s Republic of China have contributed to an unfair and unsafe advantage in its technological race against the United States,” said Senator Crapo. “Through government investments and subsidies, as well as intellectual property theft of companies like Idaho’s Micron, China aims to dominate a $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the U.S. government and military. The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security.”

“While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves,” said Senator Warner. “As a result, U.S. companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in U.S. military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security.”

According to the legislation, Chinese companies export telecommunication technology equipment into software, hardware, and services used in the United States, and hope to export fifth generation technology (5G) to the U.S. that could potentially harm and expose both consumer and U.S. military information. Malicious chips or counterfeit parts could create backdoors, it said, enabling the monitoring or stealing of consumer data or cause broader system malfunctions. Even with high investments in cybersecurity, the United States remains vulnerable to advanced cyber attackers like Russia and China. A 2018 Government Accountability Office report stated that, despite multiple warnings since the early 1990s, cybersecurity has not been a focus of weapon systems acquisitions within the military community. The Department of Defense’s (DOD) continuous acquisition of weapons systems without making security a key priority could potentially lead to loss of U.S. intellectual property and technological advantage of the U.S. Armed Forces, it said, contribute to unnecessary risks to human life and interfere with the ability of the Armed Forces to execute their missions.

The MICROCHIPS Act would address China’s practice of four major non-kinetic areas of warfare, including supply chain exploitation through supplying faulty software hardware and components; cyber-physical attacks on U.S. systems with real-time operating deadlines, such as missiles, aircraft and electrical grids; cyber-attacks on computer systems; and bad actors gaining sensitive information.

Other components of the bill include:

Summarizes key findings of Congress regarding supply chain security;
Directs the Director of National Intelligence, DOD and other relevant agencies to develop a plan to increase supply chain intelligence within 180 days;
Makes funds available under the Defense Production Act for federal supply chain security enhancements.

In this webinar, we review the rise of cloud access control and access control as a service, its advantages and disadvantages, and how to select the optimal cloud access control solution for your company.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.