Bill seeks to protect against counterfeit IT

DOD officials concerned by globalization of IT industry, increased vulnerability to counterfeit IT systems

The Senate Armed Services Committee has proposed giving the Defense Department authority to exclude companies from competing for contracts if the firms threaten IT system development, according to legislation.

The committee’s concern for the supply chain stems from a 2009 DOD report on trusted defense systems. DOD found that the globalization of the IT industry has increased the vulnerability of the department's IT systems. The report found a growing risk that systems and networks critical to DOD could be exploited through counterfeit systems or malicious code and other defects introduced by suppliers.

Under the measure, an agency in DOD would be able exclude a company from competing for a contract, task or delivery order, or even a subcontract, but officials would not be required to disclose who’s on the list, according to the Senate’s National Defense Authorization Act (S. 3454).

Related stories:

DOD builds infrastructure to support cyber forces

Report suggests cyberattacks against DOD are falling

The director of the Defense Intelligence Agency and the assistant secretary of defense for networks and information integration would make the decision “that the exclusion of a particular source is necessary to avoid an unacceptable supply chain risk,” the bill states.

Furthermore, it states that a company “shall not be subject to disclosure.”

“The committee concludes that the secretary should have the authority needed to address this risk,” according to the committee’s report that sheds light on the bill’s provisions.

The current session of the Senate is not likely to act on the bill, but the upper chamber may revisit the legislation after the new Congress begins.

“The new Congress will have to start over, but the delay will not have any significant impact,” said Robert Burton, former deputy administrator in the Office of Federal Procurement Policy and now a partner at the Venable law firm.

Despite the committee’s attempts at protection, the provision has raised concerns in the acquisition community. Experts fear DOD and the government overall could go too far with authority.

“It is stunning," Burton said. "Basically, any contractor can be excluded from a competition because of an ‘unacceptable supply chain risk.' I think the provision is overly broad and could be abused.”

Companies on such a list also could spread to other agencies, even beyond DOD, and lead other agencies to question a company’s reputation, said the American Small Business Association. This could start de facto debarments across the government without due process.

Alan Chvotkin, executive vice president and counsel at the Professional Services Council (PSC), said the government can find better options for keeping a check on supply chain risks.

“Exclusion should be the last approach,” he said.

However, DOD has a legitimate concern for malicious IT systems, he said. Standards are too broad when determining a risky system, which needs to be worked out. The PSC and other industry groups have met with the Senate committee, and Chvotkin said the committee staff members have been engaged in open, substantive discussions.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected