Text: S.1457 — 116th Congress (2019-2020)All Information (Except Text)

There is one version of the bill.

Text available as:

Shown Here:
Introduced in Senate (05/14/2019)


116th CONGRESS
1st Session
S. 1457


To provide for interagency coordination on risk mitigation in the communications equipment and services marketplace and the supply chain thereof, and for other purposes.


IN THE SENATE OF THE UNITED STATES

May 14, 2019

Mrs. Blackburn (for herself and Mr. Cornyn) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation


A BILL

To provide for interagency coordination on risk mitigation in the communications equipment and services marketplace and the supply chain thereof, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Sharing Urgent, Potentially Problematic Locations that Yield Communications Hazards in American Internet Networks Act of 2019” or the “SUPPLY CHAIN Act of 2019”.

SEC. 2. Interagency coordination on risk mitigation in the communications equipment and services marketplace and the supply chain thereof.

(a) Definitions.—In this section:

(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—

(A) the Committee on Commerce, Science, and Transportation, the Committee on Foreign Relations, the Committee on Armed Services, the Committee on the Judiciary, the Committee on Homeland Security and Governmental Affairs, and the Select Committee on Intelligence of the Senate; and

(B) the Committee on Energy and Commerce, the Committee on Foreign Affairs, the Committee on Armed Services, the Committee on the Judiciary, the Committee on Homeland Security, and the Permanent Select Committee on Intelligence of the House of Representatives.

(2) APPROPRIATE FEDERAL ENTITY.—The term “appropriate Federal entity” means—

(A) the Department of Defense;

(B) the Department of Energy;

(C) the Department of Homeland Security;

(D) the Department of Justice;

(E) the Department of Transportation;

(F) the Department of the Treasury; and

(G) the Office of the Director of National Intelligence.

(3) CLASSIFIED INFORMATION.—The term “classified information” means any information or material that has been determined by the Federal Government pursuant to an Executive order, statute, or regulation, to require protection against unauthorized disclosure for reasons of national security.

(4) COMMUNICATIONS EQUIPMENT AND SERVICES.—The term “communications equipment and services” includes any hardware, software, or other product or service primarily intended to fulfill or enable the function of information processing and communications by electronic means, including transmission and display, including over the internet.

(5) RISK.—The term “risk” means any aspect or property of the components of communications equipment and services or the associated supply chain that may be used to gain unauthorized access to a communications network, disrupt a communications network, disrupt the manufacture of communications equipment, disrupt consensus-driven industry standards for communications equipment and services, or otherwise harm a communications network or the users of the network, including gaining unauthorized access to data or redirecting data.

(6) SECRETARY.—The term “Secretary” means the Secretary of Commerce.

(7) SUPPLY CHAIN.—The term “supply chain”, with respect to communications equipment and services—

(A) means the network of persons and activities from source to delivery of the equipment and services; and

(B) includes—

(i) vendors, suppliers, and providers of the equipment and services; and

(ii) persons who manufacture, assemble, develop, or test the equipment and services.

(b) Ongoing review.—Consistent with the protection of classified information, the Secretary shall, in coordination with the head of each appropriate Federal entity, conduct an ongoing review of risks to the communications equipment and services marketplace and the supply chain thereof.

(c) Long-Term scenario and strategic planning.—

(1) DEVELOPMENT, ISSUANCE, AND IMPLEMENTATION OF PROCEDURES.—Not later than 180 days after the date of enactment of this section, consistent with the protection of classified information, the Secretary, in coordination with the head of each appropriate Federal entity, shall—

(A) develop and issue procedures to regularly facilitate—

(i) long-term scenario and strategic planning with private entities that have appropriate security clearances to review classified information about risks, including by—

(I) assessing the severity of risks posed to the marketplace of individual components of communications equipment and services and the supply chain thereof;

(II) identifying counterfeit communications equipment and services in the marketplace;

(III) assessing the ability of foreign governments or third parties to exploit the marketplace in a manner that raises risks;

(IV) identifying—

(aa) emerging risks and long-term trends in the marketplace of individual components or standards of communications equipment and services and the supply chain thereof; and

(bb) strategies to mitigate risks described in item (aa); and

(V) analyzing opportunities for asymmetric advantage;

(ii) the—

(I) preparation of unclassified information that raises awareness of risks, including, as appropriate, unclassified versions of any information shared under clause (i); and

(II) dissemination by the Secretary of the unclassified information described in subclause (I) to private entities that do not have appropriate security clearances; and

(iii) the voluntary sharing from private entities to the Secretary of information about risks to the marketplace; and

(B) carry out the procedures developed and issued under subparagraph (A).

(2) MANNER OF PRESENTATION.—The information shared with private entities under paragraph (1)(A)(i) shall be presented in a manner that identifies, assesses, and prioritizes risks, the mitigation of risks, and opportunities for asymmetric advantage.

(3) INFORMATION SHARED WITH OR PROVIDED TO THE FEDERAL GOVERNMENT.—

(A) NO WAIVER OF PRIVILEGE OR PROTECTION.—The provision of information to the Federal Government by a private entity under clause (i) or (iii) of paragraph (1)(A) shall not constitute a waiver of any applicable privilege or protection provided by law, including trade secret protection.

(B) PROPRIETARY INFORMATION.—Information provided to the Federal Government by a private entity under clause (i) or (iii) of paragraph (1)(A) shall be considered the commercial, financial, and proprietary information of the private entity.

(C) EXEMPTION FROM DISCLOSURE UNDER FOIA.—Information provided to the Federal Government by a private entity under clause (i) or (iii) of paragraph (1)(A) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code.

(D) EXEMPTION FROM FEDERAL REGULATORY AUTHORITY.—Information provided to the Federal Government by a private entity under clause (i) or (iii) of paragraph (1)(A) shall not be used by any Federal entity to regulate, including through an enforcement action, the lawful activities of the private entity.

(E) PROTECTION FROM LIABILITY.—No cause of action shall lie or be maintained in any court against a private entity, and such action shall be promptly dismissed, if the action is related to or arises out of the provision of information to the Federal Government by the private entity under clause (i) or (iii) of paragraph (1)(A).

(d) Report to Congress.—

(1) IN GENERAL.—Not later than 1 year after the date of enactment of this section, and biennially thereafter, the Secretary, in coordination with the head of each appropriate Federal entity, shall submit to the appropriate committees of Congress a report on the implementation of this section.

(2) CONTENTS.—The report required under paragraph (1) shall—

(A) include any recommendations that the Secretary, in collaboration with the heads of the appropriate Federal entities, may have for improvements or modifications to the procedures developed and issued under this section;

(B) evaluate the effectiveness of the procedures developed and issued under subsection (c)(1)(A);

(C) identify processes and procedures that improve the ability of private entities and the Federal Government to adapt to emerging risks to the marketplace;

(D) provide technical guidance on procurement of communications equipment and services offered by private entities in order to mitigate vulnerabilities;

(E) include recommendations to streamline the provision of security clearances for relevant private sector actors; and

(F) assess coordination between the heads of the appropriate Federal entities, including by identifying distinct competencies and jurisdictions of each appropriate Federal entity.

(3) FORM OF REPORTS.—Each report submitted under paragraph (1) shall be in unclassified form, but may include a classified annex.

(e) Rule of construction.—Nothing in this section shall be construed to authorize the Secretary or the head of any other Federal agency to issue new regulations.


Share This