New laws proposed in the US to protect technology supply chains from espionage

New law is intended to crack down on alleged espionage by China against US infrastructure and intellectual property

Two US senators have proposed new laws intended to combat what they claim is a rising security threat to technology supply chains posed by China.

Senators Mike Crapo and Mark Warner want the US government to develop a national strategy to assess and prevent risks to vital technologies in the US.

They claimed that the US is involved in "asymmetric warfare and what amounts to a technological space race with China".

The Manufacturing, Investment and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act proposed by the senators would, they claim, "guard against attempts by the People's Republic of China and others to undermine US national security by exploiting and penetrating US supply chains".

Through government investments and subsidies, as well as intellectual property theft... China aims to dominate the $1.5 trillion electronics industry

"Actions by the People's Republic of China have contributed to an unfair and unsafe advantage in its technological race against the United States," said Senator Crapo.

"Through government investments and subsidies, as well as intellectual property theft of companies like Idaho's Micron, China aims to dominate the $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the US government and military," he added.

Crapo claimed that the Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting US national security.

Chinese companies like Huawei, currently the subject of a dispute with the US government, already export a range of software, hardware and services used in the US, but there are fears these technologies could be used to harm and expose consumer and government information.

The Act will address what the senators claim are four major areas being exploited by China's government, including supply-chain exploitation through faulty hardware; 'cyber-physical attacks' on US systems such as missiles, aircraft and electrical grids; cyber-attacks on computer systems; and bad actors gaining sensitive information.

In a statement, the senators outlined the Act's main components:

• Summarise key findings of Congress regarding US supply-chain security;
• Direct the Director of National Intelligence, Department of Defense and other relevant US agencies to develop a plan to increase supply-chain intelligence within 180 days;
• Establish a National Supply Chain Security Center within the Office of the Director of National Intelligence to collect supply chain threat information and disseminate it to agencies with the authority to intervene; and
• Makes funds available under the Defense Production Act for federal supply chain security enhancements.

Senator Warner added: "While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves.

"As a result, US companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in US military, government and critical civilian platforms give China potential backdoors to compromise these systems.

"We need a national strategy to unify efforts across the government to protect our supply chain and our national security."

A number of advanced persistent threat (APT) groups have been linked with China's government and security establishment. In July, an anonymous group called Intrusion Truth published a report claiming that APT17 was linked with China's Security Ministry.