Compliance Management, Government Regulations

Proposed MICROCHIPS Act would require protections for technology supply chain

U.S. Senators Mike Crapo, R-Idaho, and Mark Warner, D-Va., have introduced federal legislation designed to protect critical technologies from supply chain attacks by China and other foreign threat actors.

The bill, known as S. 2316 or the The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act, would require U.S. intelligence officials to create a plan of action to defend the supply chain. If passed, it would also create a National Supply Chain Security Center and would make funding for supply chain protections available under the Defense Production Act.

Under the terms of the proposed law, the U.S. director of national intelligence, DOD and other relevant agencies would be tasked with submitting to Congress an official plan for strengthening supply chain intelligence. This plan would include recommendations for workforce models, governance structure within the intel community, and budget. The language for this section can also be found in the House of Representatives' recently introduced version of the Intelligence Authorization Act.

Meanwhile, the Senate bill amends Intelligence Authorization Act by adding a National Supply Chain Intelligence Center within the Office of the Director of National Intelligence. Its mission would be to a collector and supplier of supply-chain intelligence including threats, risk assessments and vulnerability details. The center would be led by a director who is appointed by the president and its senior management would be composed of individuals working for the Departments of Defense, Justice, Homeland Security and Commerce.

Another section would amend Section 303 of the Defense Production Act of 1950, adding language that authorizes the president to make available funding that manufacturers of critical technologies, components and supply chain defense products can use to improve supply chain protections. This section was also separately adopted in the Senate's recently introduced version of the National Defense Authorization Act.

The MICROCHIPS act was created with China especially in mind, particularly in light of recent U.S. government allegations that products from Chinese telecom and electronics company Huawei may enable Chinese government actors to spy on users.

"The lack of comprehensive detection and apprehension of potentially compromised technology and component parts has practical and serious implications," states a summary of the law published by Crapo's office. "U.S. companies continue to lose billions of dollars of IP to theft by China. Additionally, counterfeit and compromised electronics installed in U.S. military, government and critical civilian platforms give China potential backdoors to interfere with and compromise these systems."

"Through government investments and subsidies, as well as intellectual property theft of companies like Idaho's Micron, China aims to dominate a $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the U.S. government and military," said Crapo himself in a news release. The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security."

"While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves," said Warner in the same release. "As a result, U.S. companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in U.S. military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.