recommended reading

Annual Defense Bill Likely To Slip in Cyber Clampdown on Contractors

Brandon Bourdages/

After the midterm elections tomorrow, Congress is expected to act on the closest thing to cybersecurity legislation it can pass without running into gridlock.

The National Defense Authorization Act, an annual must-pass package, typically includes several items intended to shore up federal computer systems. For the most part, the bill sidesteps the divisive issues, such as the regulation of private networks and domestic cyberspying.

This year, the House version of the bill would prejudice computer systems proposed for federal contracts that contain components from “a company suspected of being influenced by a foreign country, or a suspected affiliate of such a company.”

It also would disfavor contractors located near military facilities whose own private, internal networks contain such parts.

Vendors are warning lawmakers the mandate could equate to a ban on U.S. multinational companies and an invitation for the U.S. government to surveil their private communications.

“We don't know if they are after Huawei or who they are after,” Pamela Walker, senior director for homeland security with the IT Industry Council, said on Monday, referring to the Chinese telecom giant accused of cyber espionage. “What were they trying to solve with this language?”

The measure "could sweep into the bill’s scope a whole range of multinational companies -- including U.S.-based ones -- who have R&D, manufacturing and sales activities all over the world, and often related relationships with various governments," council officials stated in recommendations submitted to Congress last month. "The economic impact from the exclusion of any one reasonably sized innovative commercial IT or telecommunications company under such conditions could easily have an impact in the hundreds of millions and cost countless jobs."

House, Senate Still Haggling Over Final Version of Bill

House and Senate staff currently are reconciling differences in their two bills so that lawmakers can pass the bill by year’s end.  

The clause in question would require the Pentagon and the Director of National Intelligence to inform lawmakers each time there is a contract proposal containing a part made by a company “influenced by” a foreign nation. Think firms in Russia, or even India.  

The government would also have to flag corporate networks “in proximity to Department of Defense or intelligence community facilities” that might be influenced by another country. Perhaps a sandwich shop near a military base that uses routers made by Huawei.

All contracts for Defense and intelligence community IT would be affected. 

The council generally backs federal efforts to bake cybersecurity into the contracting process to bolster the nation's resiliency and protect corporate intellectual property. But the group opposes the foreign manufacturing clause, which it views as too broad and vague.

The provision, industry fears, could provoke foreign backlash, cutting off U.S. companies from overseas markets.

Following revelations by ex-intelligence contractor Edward Snowden about mass online spying, many countries are already concerned about the security of U.S. products.

American cloud companies face losses as high as $180 billion by 2016 as a result of the leaks, James Staten, principal analyst at Forrester, said in 2013.

"Product security is a function of how a product is made, used and maintained, not only by whom or where it is made, or by the relationship a vendor has with any particular government," council officials said.

Law Could Slow Down Procurements

Geographic restrictions might actually prevent an agency from buying the best, most-secure systems, they added.

Walker said industry is “very hopeful,” based on feedback from congressional staff, the provision will be refined, though she would like it removed altogether. “It sounds like it is going to be a compromise,” she said.

The IT community raised similar objections last year when a fiscal 2014 spending package mandated the inspection of various agency systems for, specifically, malicious Chinese parts.

The measure passed and now the departments of Commerce and Justice along with NASA and the National Science Foundation must assess “any risk of cyber-espionage or sabotage" in computer systems "produced, manufactured or assembled" by entities "that may be owned, directed, or subsidized by the People’s Republic of China."

Walker said the law has “slowed down some of the procurement" in the IT realm.

(Image via Brandon Bourdages/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.