[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2316 Introduced in Senate (IS)]
<DOC>
116th CONGRESS
1st Session
S. 2316
To require a plan for strengthening the supply chain intelligence
function, to establish a National Supply Chain Intelligence Center, and
for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 30, 2019
Mr. Crapo (for himself and Mr. Warner) introduced the following bill;
which was read twice and referred to the Select Committee on
Intelligence
_______________________________________________________________________
A BILL
To require a plan for strengthening the supply chain intelligence
function, to establish a National Supply Chain Intelligence Center, and
for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Manufacturing, Investment, and
Controls Review for Computer Hardware, Intellectual Property, and
Supply Act of 2019'' or the ``MICROCHIPS Act of 2019''.
SEC. 2. FINDINGS AND SENSE OF CONGRESS.
(a) Findings.--Congress makes the following findings:
(1) Fifth generation telecommunications technology
(commonly referred to as ``5G''), as well as other emerging
technologies, will revolutionize the technology industry,
becoming a vital part of day-to-day business and life, and
requires secure supply chains for the national security of the
United States.
(2) An insecure supply chain for products supplied to the
United States Government can lead to a degradation of critical
infrastructure and technology items that are essential to the
defense of the United States.
(3) The United States Government confronts adversaries who
seek to offset the military strength of the United States
through asymmetric, nonkinetic actions that compromise and
neutralize the decision-making systems, processes, and
warfighting capabilities of the United States.
(4) These adversaries take advantage of the open and
democratic system of the United States that prioritizes
governmental transparency to connect citizens with the actions
of the Government.
(5) The National Defense Strategy identified Russia and
China as primary strategic competitors of the United States.
(6) Russia and China seek to steal sensitive defense
information from the United States through the use of blended
espionage operations in the supply chain, supply chain
activities, and cyberspace, and through insider threat human
actors.
(7) The actions of Russia and China go well beyond theft of
critical military technology, threatening the integrity and
readiness of information and weapons systems and potentially
enabling key elements of the strategies of an adversary to
defeat the Armed Forces of the United States across the
spectrum of conflict.
(8) According to some estimates, cybersecurity spending in
the United States from 2017 to 2021 will exceed
$1,000,000,000,000 among the public and private sectors.
(9) Even with these large investments in cybersecurity, the
United States remains vulnerable to advanced cyber actors like
Russia and China.
(10) Since 2013, more than 6,000,000 individual data
records have been compromised every day through data breaches,
with nearly half of these losses occurring in the Government
sector.
(11) Large expenditures of resources and a protective
strategy that relies on firewalls and boundaries that can be
breached by a persistent actor are clearly insufficient and
completely ignore the supply chain vector.
(12) Military weapons systems are not immune to cyber
vulnerabilities.
(13) An October 2018 Government Accountability Office
report found that nearly all weapons systems of the United
States have cyber vulnerabilities the scale of which the
Department of Defense is ``just beginning to grapple with''.
(14) Furthermore, the report stated that despite multiple
warnings since the early 1990s, ``cybersecurity has not been a
focus of weapon systems acquisitions''.
(15) There have been numerous press stories about data
breaches and theft of United States sensitive technology that
prove that cyber vulnerabilities are real and not theoretical.
(16) The Department of Defense will spend more than
$1,600,000,000,000 to develop and field its current portfolio
of weapons systems.
(17) Conducting acquisitions without making security
resiliency a key discriminator in capability development and
contract award decisions could potentially lead to additional
losses of technological advantages of the Armed Forces and
negate efforts to improve the capabilities of the Armed Forces
to meet the National Defense Strategy.
(18) Software, hardware, and services supply chains have
proven to be major means through which adversaries seek to gain
access to weapons systems and information and communications
technology platforms and systems of the United States.
(19) Vulnerabilities in these critical areas introduce
unacceptable risks to human life and the ability of the Armed
Forces to execute the missions the public of the United States
expects of them.
(20) The establishment of the Protecting Critical
Technology Task Force of the Department of Defense and the
Information and Communication Technology Supply Chain Risk
Management Task Force of the Department of Homeland Security is
a welcome first step, but the United States Government requires
a fundamental security culture change.
(21) The innovative technologies that will help the Armed
Forces, economy, and industry of the United States maintain
competitive advantages over the competitors of the United
States are developed in private industry and in academia.
(22) Engagement to find solutions with industry
stakeholders and allied countries to mitigate the clear,
present, and rapidly evolving threats to the national security
of the United States is necessary.
(23) A national center to unify efforts across the whole of
government to strategically warn of and support the mitigation
of threats to supply chains and supply chain activities is
vital to the cybersecurity, critical infrastructure, and
national security of the United States.
(b) Sense of Congress.--It is the sense of Congress that--
(1) the United States Government should endeavor to deliver
warfighting capabilities to operational forces without having
critical information or technology wittingly or unwittingly
lost, stolen, or modified;
(2) the Department of Defense and the whole of the United
States Government should adapt to the challenges presented by
adversaries while maintaining as much transparency with the
people of the United States as possible;
(3) stronger effort should be placed on securing the vast
supply chains of the contractors responsible for developing and
producing the defense related capabilities of the United
States;
(4) the efforts of the Department of Defense, the
Department of Homeland Security, and the Federal Acquisition
Security Council to protect critical technologies should be
action oriented with clear outcome expectations and chains of
accountability;
(5) technology protection should begin long before a
contract is signed between a contractor and the United States
Government;
(6) the United States Government should improve its ability
to collaborate to protect both the open research environment
and emerging military technologies; and
(7) the United States Government should focus on supply
chain security to ensure that military systems and systems
required for sensitive activities are not acquired or operated
in a compromised state.
SEC. 3. PLAN FOR STRENGTHENING THE SUPPLY CHAIN INTELLIGENCE FUNCTION.
(a) In General.--Not later than 180 days after the date of the
enactment of this Act, the Director of the National Counterintelligence
and Security Center, in coordination with the Director of the Defense
Counterintelligence and Security Agency and other interagency partners,
shall submit to Congress a plan for strengthening the supply chain
intelligence function.
(b) Elements.--The plan submitted under subsection (a) shall
address the following:
(1) Such recommendations as the Director of the National
Counterintelligence and Security Center may have with respect
to--
(A) the appropriate workforce model, including
size, mix, and seniority, from the elements of the
intelligence community and other interagency partners;
and
(B) the appropriate governance structure within the
intelligence community and with interagency partners.
(2) The budgetary resources necessary to implement the
plan.
(3) The authorities necessary to implement the plan.
(c) Definition of Intelligence Community.--In this section, the
term ``intelligence community'' has the meaning given such term in
section 3 of the National Security Act of 1947 (50 U.S.C. 3003).
SEC. 4. ESTABLISHMENT OF NATIONAL SUPPLY CHAIN INTELLIGENCE CENTER.
(a) Establishment of Center.--Title IX of the Intelligence
Authorization Act for Fiscal Year 2003 (50 U.S.C. 3382 et seq.) is
amended by adding at the end the following:
``SEC. 905. NATIONAL SUPPLY CHAIN INTELLIGENCE CENTER.
``(a) Establishment of Center.--There is within the National
Counterintelligence and Security Center in the Office of the Director
of National Intelligence a National Supply Chain Intelligence Center.
``(b) Director of National Supply Chain Intelligence Center.--There
is a Director of the National Supply Chain Intelligence Center, who
shall be appointed by the President, in consultation with the Director
of National Intelligence and other interagency partners as the
President considers appropriate.
``(c) Center Personnel.--
``(1) Senior management.--The Director of the National
Supply Chain Intelligence Center shall ensure that the senior
management of the Center includes one or more detailees from
each of the following:
``(A) The Department of Defense.
``(B) The Department of Justice.
``(C) The Department of Homeland Security.
``(D) The Department of Commerce.
``(2) Detail or assignment of personnel.--
``(A) In general.--With the approval of the
Director of the Office of Management and Budget, and in
consultation with the congressional committees of
jurisdiction, the Director of the National Supply Chain
Intelligence Center may request of the head of any
department, agency, or element of the Federal
Government the detail or assignment of personnel from
such department, agency, or element to the National
Supply Chain Intelligence Center.
``(B) Duties.--Personnel detailed or assigned under
subparagraph (A) shall assist the National Supply Chain
Intelligence Center in carrying out the primary
missions of the Center.
``(C) Terms.--Personnel detailed or assigned under
subparagraph (A) shall be assigned or detailed to the
National Supply Chain Intelligence Center for a period
of not more than 2 years.
``(D) Regular employment.--Any Federal Government
employee detailed or assigned under subparagraph (A)
shall retain the rights, status, and privileges of his
or her regular employment without interruption.
``(d) Primary Missions.--The primary missions of the National
Supply Chain Intelligence Center shall be as follows:
``(1) To aggregate all-source intelligence relating to
supply chains, including--
``(A) classified and unclassified information;
``(B) threat information; and
``(C) proprietary and sensitive information,
including risk and vulnerability information,
voluntarily provided by private entities.
``(2) To share strategic warnings relating to supply chains
or supply chain activities, as the Director of the National
Supply Chain Intelligence Center considers appropriate and
consistent with security standards for classified information
and sensitive proprietary information, among--
``(A) the elements of the intelligence community
(as defined in section 3 of the National Security Act
of 1947 (50 U.S.C. 3003)), components of the Department
of Justice and the Department of Defense, the Federal
Acquisition Security Council, and other Federal
agencies;
``(B) at-risk industry partners; and
``(C) governments of countries that are allies of
the United States.
``(3) To serve as the central and shared knowledge resource
for--
``(A) known and suspected threats to supply chain
activities or supply chain integrity from international
groups, companies, countries, or other entities; and
``(B) the goals, strategies, capabilities, and
networks of contacts and support of such groups,
companies, countries, and other entities.
``(4) To perform tasks assigned to the National Supply
Chain Intelligence Center by relevant Government supply chain
task forces, councils, including the Federal Acquisition
Security Council, and other entities.
``(e) Annual Reports Required.--The Director of the National Supply
Chain Intelligence Center shall annually submit to Congress a report,
with classified annexes as appropriate, on the state of threats to the
security of supply chains and supply chain activities for United States
Government acquisitions and replenishment as of the date of the
submittal of the report.
``(f) Funding.--Amounts used to carry out this section shall be
derived from amounts appropriated or otherwise made available for the
National Intelligence Program (as defined in section 3 of the National
Security Act of 1947 (50 U.S.C. 3003)).''.
(b) Clerical Amendment.--The table of contents in section 1(b) of
such Act is amended by inserting after the item relating to section 904
the following new item:
``Sec. 905. National Supply Chain Intelligence Center.''.
(c) Sense of Congress.--It is the sense of Congress that the
Director of the National Supply Chain Intelligence Center should
implement the recommendations submitted under section 3(b)(1).
SEC. 5. INVESTMENT IN SUPPLY CHAIN SECURITY UNDER DEFENSE PRODUCTION
ACT OF 1950.
(a) In General.--Section 303 of the Defense Production Act of 1950
(50 U.S.C. 4533) is amended by adding at the end the following:
``(h) Investment in Supply Chain Security.--
``(1) In general.--The President may make available to an
eligible entity described in paragraph (2) payments to increase
the security of supply chains and supply chain activities, if
the President certifies to Congress not less than 30 days
before making such a payment that the payment is in the
national security interests of the United States.
``(2) Eligible entity.--An eligible entity described in
this paragraph is an entity that--
``(A) is organized under the laws of the United
States or any jurisdiction within the United States;
and
``(B) produces--
``(i) one or more critical components;
``(ii) critical technology; or
``(iii) one or more products for the
increased security of supply chains or supply
chain activities.
``(3) Regulations.--
``(A) In general.--Not later than 90 days after the
date of the enactment of the Manufacturing, Investment,
and Controls Review for Computer Hardware, Intellectual
Property, and Supply Act of 2019, the President shall
prescribe regulations setting forth definitions for the
terms `supply chain' and `supply chain activities' for
the purposes of this subsection.
``(B) Scope of definitions.--The definitions
required by subparagraph (A)--
``(i) shall encompass--
``(I) the organization, people,
activities, information, and resources
involved in the delivery and operation
of a product or service used by the
Government; or
``(II) critical infrastructure as
defined in Presidential Policy
Directive 21 (February 12, 2013;
relating to critical infrastructure
security and resilience); and
``(ii) may include variations for specific
sectors or Government functions.''.
<all>
MICROCHIPS Act of 2019
#2316 | S Congress #116
Policy Area: Armed Forces and National Security
Subjects: Advanced technology and technological innovationsCongressional oversightDirector of National IntelligenceExecutive agency funding and structureGovernment information and archivesIntelligence activities, surveillance, classified informationMilitary operations and strategyMilitary procurement, research, weapons developmentPublic contracts and procurementResearch and development
Last Action: Read twice and referred to the Select Committee on Intelligence. (7/30/2019)
Bill Text Source: Congress.gov
Summary and Impacts
Original Text