The cybersecurity proposals in the House Armed Services Committee’s draft of the national defense bill for fiscal 2020 include provisions that would create new directives on the Department of Defense’s tech acquisitions and supply chain.
Chairman Adam Smith’s mark of the National Defense Authorization Act (NDAA), issued Monday, seeks to prevent the DOD from acquiring foreign telecommunications and video surveillance equipment from companies that could pose security risks. The provision effectively would ban or suspend contractors and subcontractors from doing business with not just the Pentagon but also the entire U.S. government, too, unless they properly secure their equipment and services.
Chinese-based companies Huawei and ZTE, both of which have been under intense scrutiny by the Trump administration, are not directly named in the provision. The measure appears to align with an executive order the White House issued just last month that seeks to bar U.S. companies from using telecommunications equipment made by foreign firms, with the concern that the gear could make it easier for other countries’ intelligence agencies to snoop on American networks. The order does not call out China specifically, and instead leaves the door open for other countries to be named in an eventual ban.
The proposal by Smith, D-Wash., takes a similar approach. It would require the DOD to conduct a “comprehensive assessment” of Pentagon policies on foreign telecommunications and video surveillance equipment in the defense industrial base.
“Supply chain risk issues have grown in importance as the U.S. defense acquisition supply base has become increasingly global,” the draft bill says.
The Senate version of the NDAA similarly would establish a strategy for “securing a trusted supply chain of advanced microelectronics for the United States and U.S. allies and partners,” according to the summary of the bill’s text, which has yet to be released publicly.
The focus on cybersecurity in the defense bill aligns with the National Cyber Strategy the White House released last year, which notes “persistent” and “aggressive” cyberthreats from foreign adversaries including Russia and China.
In at least one case, the chairman’s mark calls out Russian aggression in Europe specifically, noting if deterrence fails to hold off Russian aggression against NATO countries, the committee is concerned that a readiness and posture assessment has not been adequately completed to meet the Russian threat.
The committee calls on the Comptroller General of the United States to assess how much the Pentagon has examined cyber-capabilities to counter Russia in the event deterrence isn’t enough.
A full committee markup of the bill, which outlines a budget of $733 billion, slightly lower than the Senate version at $750 billion, is set for Wednesday. The bill text from the Senate Armed Services Committee is expected to be issued soon.