Sen. Mike Crapo

We live in an accelerating world requiring reliance on ever-advancing technology for many aspects of our lives. 

While technology may speed up and facilitate daily tasks, it also presents risk.  Attacks through our technology do not just cause frustrating delays; malicious supply chain exploitation endangers our servicemembers without ever firing a shot. 

I am working to enact legislation that would secure the supply chains that government, industry and the general population rely on to reduce our country’s vulnerability to attack. 

Even with increasing investments in cybersecurity, the United States remains vulnerable to advanced cyber-attacks from actors like Russia and China.  A2018 Government Accountability Office (GAO) report stated that, despite multiple warnings since the early 1990s, cybersecurity has not been a focus of weapon systems acquisitions within the military. 

The U.S. Department of Defense (DOD) supply chain, including the organization, people, activities, information and resources involved in the delivery and operation of sensitive platforms, has been on the GAO’s High Risk List for 29 of the last 30 years.

In a 2018 report, MITRE, a federally-funded research organization, found that, while the DOD and Intelligence Community are aware of cyber and supply chain threats, federal government actions are not sufficiently coordinated and responsibilities are “siloed” in a way that delay fully informed and decisive action. 

MITRE warned there is overwhelming evidence adversaries employ asymmetric operations to “steal our intellectual property, compromise our technical information, and to degrade, deny, or otherwise damage our factories and critical infrastructure.”  The DOD recently further confirmed these vulnerabilities in a July 26, 2019 report, finding that more than 9,000 products costing over $32.8 million purchased by the DOD last year could be used to spy on or sabotage our servicemembers.

China continues to invest billions into its domestic production facilities while trying to undermine U.S. security.  Through government investments and subsidies, as well as intellectual property theft of companies like Idaho’s Micron, China aims to dominate a $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the U.S. government and military.  Malicious semiconductor chips or counterfeit parts could create backdoors enabling the monitoring or stealing of consumer data or cause broader system malfunctions. 

In July, Senator Mark Warner (D-Virginia) and I introduced legislation to help secure U.S. supply chains against foreign threats.  S. 2316, the Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act would require the development of a national strategy to assess and prevent risks to critical U.S. technologies. 

It would also establish a National Supply Chain Security Center, which would collect supply chain threat information and disseminate it to the agencies with authority to intervene and act as a resource for the government and private sector on supply chain security best practices.  The bill text and asummary are accessible on my website at www.crapo.senate.gov.

Federal agencies’ continued acquisition of weapons systems and other critical platforms and products without a government-wide focus on supply chain security risks human life, military readiness and U.S. intellectual property.  This bipartisan legislation would provide a coordinated effort to guard against attempts by China and others to undermine our national security by exploiting our supply chains. 

Sections of this bill have seen progress in Congress as part of the annual National Defense Authorization Act and Intelligence Authorization Act currently being negotiated.  Our efforts to protect critical supply chains are already overdue; therefore, it is important that Congress follow through on these efforts and enact the necessary protections to ensure the ongoing efficacy of our military and government operations.