The bill also requires a governmentwide strategy to counter Chinese cyber threats.
Government agencies would be prohibited from using technology provided by the Chinese companies Huawei and ZTE under House Armed Services Chairman Mac Thornberry’s draft of a must-pass annual defense policy bill released Monday.
The National Defense Authorization Act draft would also bar the military from purchasing or renewing contracts with any vendors that work with Huawei or ZTE or use the companies’ technology in their supply chains.
The bill cites concerns that Chinese intelligence services might use Huawei or ZTE tools to steal U.S. government data, a claim Huawei has denied.
The legislation offers agency heads a two-year waiver from the ban if it takes that long to change vendors or for existing vendors to update their supply chains.
The proposal “enjoys wide bipartisan support” according to a bill summary. It follows a similar governmentwide ban for the Russian anti-virus Kaspersky in last year’s National Defense Authorization Act.
Separately, the Federal Communications Commission is pursuing a strategy that would bar federal funding to U.S. telecom providers that work with Huawei and ZTE.
In general, the U.S. government has been far more aggressive about banning foreign companies from its systems since the 2016 election, which was undermined by Russian hacking and influence operations.
The bill other cyber-focused initiatives include:
- Expands the Pentagon’s authority to expedite hiring for civilians into positions that focus on fields including cybersecurity, technology, science and acquisition.
- Requires a quarterly report on cyber readiness.
- Explicitly tasks the National Security Council with responding to digital influence campaigns similar to the Russian efforts to undermine the 2016 election. It would also require the president to report to Congress within nine months about a “whole-of-government strategy for combating malign foreign influence operations.”
- Requires, by March 2019, a presidential strategy for competition with China, including Chinese offensive cyber activities and digital theft of intellectual property.
- Increases funding for missile defense system cybersecurity.
- Allows the Secretary of Defense to impose greater security clearance screening requirements on Pentagon employees who hold dual citizenships, including requiring a polygraph for some positions that would not normally require them. The provisions are not expected to increase the long backlog for security clearances, the bill text states.
- Prohibits the Defense Department from assuming responsibility for governmentwide security clearances before the end of 2019, by which time another NDAA bill will presumably have passed. Currently, the Defense Department provides security for the security clearance system, which is managed by the civilian government. The 2018 version of the NDAA gave the secretary of defense three years to shift Defense Department and military clearances back into the Pentagon.