Senate Bill Would Create a National Supply Chain Security Center

supply chain 4 responsive default security

August 14, 2019

Citing the vital need for a secure U.S. industrial base, U.S. Senators Mike Crapo (R-Idaho) and Mark Warner (D-Virginia) have introduced bipartisan legislation to guard against attempts by China and others to undermine U.S. national security by exploiting and penetrating U.S. supply chains.

The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act (S. 2316) would develop a national strategy to assess and prevent risks to critical U.S. technologies.

It would also establish a National Supply Chain Security Center within the Office of the Director of National Intelligence to collect supply chain threat information and disseminate it to agencies with the authority to intervene; and

“Actions by the People’s Republic of China have contributed to an unfair and unsafe advantage in its technological race against the United States,” said Senator Crapo. “Through government investments and subsidies, as well as intellectual property theft of companies like Idaho’s Micron, China aims to dominate a $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the U.S. government and military. The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security.”

“While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves,” said Senator Warner. “As a result, U.S. companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in U.S. military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security.”

According to the legislation, Chinese companies export telecommunication technology equipment into software, hardware, and services used in the United States, and hope to export fifth generation technology (5G) to the U.S. that could potentially harm and expose both consumer and U.S. military information. Malicious chips or counterfeit parts could create backdoors, it said, enabling the monitoring or stealing of consumer data or cause broader system malfunctions. Even with high investments in cybersecurity, the United States remains vulnerable to advanced cyber attackers like Russia and China. A 2018 Government Accountability Office report stated that, despite multiple warnings since the early 1990s, cybersecurity has not been a focus of weapon systems acquisitions within the military community. The Department of Defense’s (DOD) continuous acquisition of weapons systems without making security a key priority could potentially lead to loss of U.S. intellectual property and technological advantage of the U.S. Armed Forces, it said, contribute to unnecessary risks to human life and interfere with the ability of the Armed Forces to execute their missions.

The MICROCHIPS Act would address China’s practice of four major non-kinetic areas of warfare, including supply chain exploitation through supplying faulty software hardware and components; cyber-physical attacks on U.S. systems with real-time operating deadlines, such as missiles, aircraft and electrical grids; cyber-attacks on computer systems; and bad actors gaining sensitive information.

Other components of the bill include:

Summarizes key findings of Congress regarding supply chain security;
Directs the Director of National Intelligence, DOD and other relevant agencies to develop a plan to increase supply chain intelligence within 180 days;
Makes funds available under the Defense Production Act for federal supply chain security enhancements.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Senate Bill Would Create a National Supply Chain Security Center

Related Articles

Related Products

Report Abusive Comment