After dozens of supply chain data breaches and growing fears that the Chinese government is compromising technology supply chains, senators Mark Warner (D-Va.) and Marco Rubio (R-Fla.) last week proposed a new “Office of Critical Technology and Security” to coordinate technology supply chain security efforts.
According to the bill establishing the office, the office director will report directly to the president, and the office’s primary goal will be to “stop the transfer of critical emerging, foundational, and dual-use technologies to countries that pose a national security risk.”
In other words, the bill could potentially upend U.S. tech companies’ supply chains by stopping them from working with Chinese firms that the U.S. government deems national security risks, but it doesn’t specify how it plans to implement this goal.
The bill also seeks to “protect and enforce intellectual property rights” and “develop a strategy to inform the private sector about critical supply chain risks.”
All of the bill’s goals rely on the “coordination” of various government agencies sharing information to better protect technology supply chains — including the National Council of Economic Advisors, the United States Trade Representative, the Office of Science and Technology Policy, the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC).
James Rice, deputy director of the Massachusetts Institute of Technology’s Center for Transportation and Logistics, told InsideSources he’s not sure that’s a feasible goal.
“It’s good that there will be an agency taking the lead to counter foreign government efforts attempting to steal government intellectual property,” he said in an email, “[but] of course, it is not clear that our government agencies will actually coordinate/share. They are notorious for collaborating when it comes to receiving information but not when it means sharing.”
Ultimately, though, Rice said he isn’t sure a new layer of bureaucracy for dealing with technology supply chains will be very effective, given there are already many private sector-led efforts to improve supply chain security.
For example, the Department of Defense (DOD) spearheads similar efforts, as does the National Counterintelligence and Security Center (NCSC), which just launched a new technology supply chain security initiative this week, the “Know Your Risk, Raise Your Shield” campaign.
The campaign provides meaningful tips and educational videos to help the private sector protect its technology supply chains, and is the NCSC’s response to a July 2018 report that found software and technology supply chains are increasingly targeted by foreign governments and corporations.
A new office with vaguely outlined duties like “protect IPR” and “develop a strategy to inform the private sector about critical technology supply chain risks” probably won’t accomplish much, Rice said.
“It’s not clear how a government agency will be effective at preventing IP theft and technological sabotage against companies,” he said. “The intent is good but I don’t see how they could practically do that — the greatest companies on earth are plagued by cyber-threats and a government bureaucracy doesn’t strike me as being more effective than those company efforts.”
Even the DOD, which is considered to be the most effective at cybersecurity efforts and supply chain security, isn’t foolproof, and cybersecurity experts say all federal agencies — including the DOD — struggle to maintain effective cybersecurity standards.
A September 2018 study from the DOD found that the defense industry’s manufacturing and supply chains are heavily reliant on China largely due to market factors, so the idea that a new “Office of Critical Technology and Security” will be able to break up defense supply chains in the name of national security is overly ambitious.
To counteract the problem with supply chains, Rice said “some might argue that our government ought to be proactive and explore vulnerabilities of other government’s systems. Of course, this would not be written or proposed in a bill.”