US Senators Mike Crapo and Mark Warner have introduced federal legislation designed to protect critical technologies from supply chain attacks by China and other foreign threat actors.
The bill, known as S. 2316 or the The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act, would require US intelligence officials to create a plan of action to defend the supply chain. If passed, it would also create a National Supply Chain Security Center and would make funding for supply chain protections available under the Defence Production Act.
Under the terms of the proposed law, the US director of national intelligence, DOD and other relevant agencies would be tasked with submitting to Congress an official plan for strengthening supply chain intelligence. This plan would include recommendations for workforce models, governance structure within the intel community, and budget. The language for this section can also be found in the House of Representatives’ recently introduced version of the Intelligence Authorisation Act.
Meanwhile, the Senate bill amends Intelligence Authorisation Act by adding a National Supply Chain Intelligence Center within the Office of the Director of National Intelligence. Its mission would be to a collector and supplier of supply-chain intelligence including threats, risk assessments and vulnerability details. The center would be led by a director who is appointed by the president and its senior management would be composed of individuals working for the Departments of Defence, Justice, Homeland Security and Commerce.
Another section would amend Section 303 of the Defence Production Act of 1950, adding language that authorises the president to make available funding that manufacturers of critical technologies, components and supply chain defence products can use to improve supply chain protections. This section was also separately adopted in the Senate’s recently introduced version of the National Defence Authorisation Act.
The MICROCHIPS act was created with China especially in mind, particularly in light of recent US government allegations that products from Chinese telecom and electronics company Huawei may enable Chinese government actors to spy on users.
"The lack of comprehensive detection and apprehension of potentially compromised technology and component parts has practical and serious implications," states a summary of the law published by Crapo’s office. "US companies continue to lose billions of dollars of IP to theft by China. Additionally, counterfeit and compromised electronics installed in US military, government and critical civilian platforms give China potential backdoors to interfere with and compromise these systems."
"Through government investments and subsidies, as well as intellectual property theft of companies like Idaho’s Micron, China aims to dominate a £1.2 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the US government and military," said Crapo himself in a news release. The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security."
"While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves," said Warner in the same release. "As a result, US companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in US military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security."
This article was originally published on SC Media US.