The bill gives federal agencies until 2021 to scrub the Chinese telecoms from their networks.
The House passed its version of an annual defense bill Thursday that would bar government agencies and federal grant recipients from using technology provided by the Chinese telecommunications providers Huawei and ZTE.
Intelligence officials have warned the Chinese government could use those companies as digital spying tools.
The National Defense Authorization Act of 2019 would give agencies until 2021 to cut all ties with the Chinese companies and their affiliates and to scrub them from their supply chains.
The move comes about six months after Congress banned the anti-virus software made by Russia’s Kaspersky Lab from federal networks in the previous year’s version of the bill.
It also comes amid a legislative push to stop President Donald Trump from reversing a Commerce Department action that effectively put ZTE out of business.
That action came after ZTE repeatedly violated U.S. sanctions by selling equipment with U.S. components in it to Iran. Trump has urged repealing the ZTE ban as part of a deal to increase Chinese purchases of U.S. goods.
The majority of the more than $700 billion policy bill focuses on issues such as major weapons systems and force modernization initiatives.
The Senate draft of the bill bans Huawei and ZTE from Defense Department networks but does not extend the ban across the government, according to a summary released late Thursday. The Senate has not yet released a full draft of the bill, which passed that chamber’s Armed Services Committee Thursday.
The House bill also transfers day-to-day responsibility for managing Defense Department information networks from the Defense Information Systems Agency, or DISA, to U.S. Cyber Command.
That shift is part of a broader scheme by House Armed Services Chairman Mac Thornberry, R-Texas, to downsize so-called fourth estate military agencies that don’t report to a military service or combatant command.
The White House objected to that provision in a statement, saying it would “increase the cost of acquiring information technology” and “weaken the department’s ability to secure its cyber networks.”
DISA has declined to comment on the provision, which would remove some of its most vital functions.
Upgrading Email Privacy
A late amendment to the bill would require law enforcement to obtain a warrant before accessing emails that are more than six months old.
The amendment, offered by Rep. Kevin Yoder, R-Kansas, mirrors the Email Privacy Act, which passed the House last Congress but failed to gain traction in the Senate.
The bill has been endorsed by civil liberties groups who argue emails deserve the same legal privacy protections as paper records. Some civil liberties groups declined to support the recently passed Clarifying Lawful Overseas Use of Data, or CLOUD, Act, which also deals with email warrants, because it failed to wrap in the Email Privacy Act protections.
The House defense bill also:
- Authorizes a pilot program that would make it easier for military cyber pros to help civilian agencies protect critical infrastructure, such as airports and hospitals.
- Requires the Pentagon to provide Congress with detailed budget information about cyber vulnerability testing and mitigation operations for major weapons systems.
- Extends the deadline for a report on cyber vulnerability assessments across the department from 2019 to 2020.
- Authorizes a cyber training center run by the Army National Guard.
- Mandates that the Pentagon to report to Congress on any data breach that includes a significant loss of troops’ personally identifying information.
- Orders a study on the feasibility of creating cyber civil support teams in military reserve units.
- Limits the military to only five high ranking officials with the title chief information officer.
- Requires a study on how the Defense Department can recruit more students from minority-serving colleges and universities into military careers focused on technology and cybersecurity.
- Mandates a report on U.S. cyber cooperation with Ukraine.
- Adds cybersecurity and computer programming to Junior Reserve Officers’ Training Corps curriculum.
- Requires a report on the feasibility of a Defense Department cyber apprentice program.