The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
The legislation, which cites a rash of Chinese IP theft, would develop a national strategy to prevent risks to U.S. tech.
Two Senators are hoping a new act they've introduced will help thwart supply chain attacks, namely those emanating from the People's Republic of China.
Senators Mike Crapo (R-Idaho) and Mark Warner (D-Virginia) introduced the legislation on Tuesday and acknowledged that one of the big drivers behind the bill has been the mounting headlines around China's ongoing threat to supply chain security.
“Actions by the People’s Republic of China have contributed to an unfair and unsafe advantage in its technological race against the United States,” Senator Crapo said Tuesday, "The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security.”
A key element of the legislation - MICROCHIPS, which stands for Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (.PDF) - would be ensuring there's a national strategy in place to measure and safeguard against supply chain risk.
The two Senators cite a report via the Government Accountability Office from last fall, "DOD Just Beginning to Grapple with Scale of Vulnerabilities," to highlight just how fraught - and subject to the loss of U.S. intellectual property - government infrastructure is.
Threats to the supply chain have been top of mind for Warner as of late.
Earlier this year Warner introduced another bill designed to strengthen supply chain security through the creation of a new White House office, the Office of Critical Technologies and Security, to supervise directed technology transfers and threats to U.S. national security.
If passed, the MICROCHIPS Act would establish a center of its own - a National Supply Chain Security Center - within the Office of the Director of National Intelligence. This office's job would be to collect threat information relevant to supply chains and forward it to the applicable parties. For what it's worth the Office of the Director of National Intelligence isn't short on centers; it currently has four, similarly titled offices: the Cyber Threat Intelligence Integration Center, the National Counterproliferation Center, the National Counterintelligence and Security Center, and the National Counterterrorism Center.
This would be the first center based on ensuring supply chain integrity, something the National Counterintelligence and Security Center (NCSC) dedicates every April to.
Under MICROCHIPS, the Director of National Intelligence, Department of Defense, and other applicable agencies would be instructed to develop a plan to better safeguard supply chain intelligence within 180 days. The act would also funnel money via the Defense Production Act for federal supply chain security improvements.
Warner stressed Tuesday that his and Crapo's legislation is mainly about establishing a unified front when it comes to supply chain strategy.
“U.S. companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in U.S. military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security.” Warner said of MICROCHIPS this week.
The proposed legislation comes about a week after FBI director Christopher Wray remarked in a Senate Judiciary Committee hearing on the troubling state of intellectual property theft. Wray noted the agency currently has about 1,000 investigations open into attempted IP theft, with virtually all of them involving China.