China supply chain restrictions softened in funding bill
By Adam Mazmanian
Jan 14, 2014
IT contractors would have an easier time doing business with a few key government departments because a provision in the $1.1 trillion fiscal 2014 funding bill would ease supply-chain reporting requirements on technology gear and software linked to the Chinese government.
The new rules spelled out in Section 515 of the Commerce, Justice and Science section of the omnibus spending package would roll back requirements on IT acquisition at NASA, the Justice Department, the Commerce Department and the National Science Foundation.
Rep. Frank Wolf (R-Va.), chairman of the Appropriations Committee subcommittee that funds the four agencies, had included language in the 2013 continuing resolution that limits acquisition of IT gear from "entities that are owned, directed or subsidized by the People's Republic of China."
That provision was part of a larger government response to perceived threats posed by large Chinese IT and telecommunications firms Huawei and ZTE. An influential report by the House's Permanent Select Committee on Intelligence released in October 2012 warned that the Chinese government and military were potentially using products from the two firms as delivery devices for spyware, beacons and other backdoors by which to steal information and gain control over infrastructure systems.
However, the technology industry dislikes the current law and asserts that American firms do not have the ability to monitor the supply chain to the extent the law requires. Companies also argue that effective cybersecurity stems from risk management processes, not from issuing blanket rules keyed to country of origin.
After months of lobbying on the part of the technology industry, Congress appears to have heeded the complaints. The fiscal 2014 spending bill includes language about IT risk mediation, but it would reduce the scope and the compliance burden for companies. Covered agencies would be required to assess the risk to computer systems classified as high- or moderate-impact through the National Institute of Standards and Technology process agencies typically use. Additionally, supply chain risks would be reviewed against FBI threat information.
The bill specifies that agencies examine companies linked to the government of China as a potential threat, but the hurdles to acquiring IT with links to China would be reduced.
"This is a clear improvement over the Wolf language," said Trey Hodgkins, senior vice president at the Information Technology Alliance for Public Sector, a division of the IT Industry Council. But he added that he was "unhappy and disappointed that [the bill] continues to single out a geographic source as a point of concern."
Another industry lobbyist had a similar reaction. "Based on my read, it looks like a positive development," said Mike Hettinger, senior vice president for public sector at the trade association TechAmerica. "We still need to understand how it will be implemented."
Wolf does not view the revised language as a compromise. "I think we did what was appropriate," he told FCW. "We don't want agencies to buy telecom equipment from Huawei and ZTE. I think the language puts a system in place to raise these concerns."
Compliance guidance for the 2013 rules was written into the NASA Solutions for Enterprise-Wide Procurement contract, a five-year $20 billion governmentwide procurement vehicle, and industry will be watching for revisions.
"We want to make sure adjustments are made, and we'll be watching how that's broadly rolled out," Hodgkins said.
The 1,582-page spending bill still has to work its way through the House and Senate, but it has the backing of Rep. Hal Rogers (R-Ky.), chairman of the House Appropriations Committee, and Sen. Barbara Mikulski (D-Md.), his Senate counterpart. The government's discretionary spending authority is set to run out on Jan. 15, but the House passed a three-day continuing resolution on Jan. 14, and the Senate is expected to clear the measure before the deadline to give lawmakers more time to finalize the omnibus spending package.
Adam Mazmanian is FCW's senior staff writer and covers Congress, health IT and governmentwide IT policy.