Protecting the Fruits of our Labor from China

iStock image

For decades, the National Defense Industrial Association and its members have worked hard to ensure U.S. and allied war­fighters enjoy decisive advantage across the spectrum of conflict. American innovation is at the heart of delivering this advantage.

These innovations, however, are increasingly under threat as China systematically steals our intellectual property. With the advent of 5G technology, they are preparing to conduct their theft on a previously unimaginable scale, leading U.S. decision-makers to develop and implement bipartisan policies to counter these aggressive, illegal actions.

Despite high levels of partisanship in Washington, the Chinese threat to American IP is one area where the administration and Congress agree and are acting to defend our national security. These actions, however, could dramatically impact the health and size of the defense industrial base.

The Cybersecurity Maturity Model Certification (CMMC) is one of the administration’s most public efforts to thwart the loss of IP to China and Chinese companies. The Pentagon released CMMC v1.0 in January. It contains requirements to enhance cyber fortifications across the defense contracting community by rolling out “pass/fail” standards impacting the industrial base from primes down to the smallest subcontractor.

Starting in October, beginning with select high-impact contracts with cutting edge technology, prime and subcontracting companies lacking CMMC certification at the level defined by the contract will be ineligible to compete. By 2026, all Defense Department contracts will contain CMMC requirements.

NDIA will continue to work closely with the department, the CMMC accreditation body and our members to ensure a smooth rollout of this critical emerging requirement.

Less discussed but likely more impactful are Congressional actions to directly mitigate China’s threat. In the 2019 National Defense Authorization Act, Congress took the dramatic step of banning government procurement of products from Chinese companies Huawei, ZTE and their affiliates. Congress has seen evidence these two telecommunication companies — and clearly many more — operate as extensions of the Chinese Communist Party, allowing the nation to spy on communications and collect data stored on networks containing Huawei and ZTE components. Congressional concern recently intensified when representatives learned Huawei can also covertly access mobile networks through back doors meant for law enforcement.

The Congressional ban — contained in Section 889 of the fiscal year 2019 NDAA — has two parts: a U.S. government agency prohibition against purchasing any telecommunication products containing Huawei or ZTE components after August 2019, and a U.S. government agency prohibition against purchasing any products from any companies that use Huawei or ZTE equipment or components within their internal systems as of Aug. 13, 2020.

The government is currently trying to implement the first part, which has proven difficult. The second, however, poses a significantly more complicated set of challenges. It stretches far beyond government procured products and services, requiring insight into and potential oversight of the way U.S. and non-U.S. companies conduct business more broadly, in order to protect and defend U.S. interests. This policy that has significant potential for disruption hinges on predatory Huawei and ZTE business strategies.

After stealing American and allied IP they file for Chinese patents, providing them with cutting edge technology without the associated research and development costs. Huawei and ZTE pass their “savings” onto customers, creating a dependency on their low-cost products and components. This strategy leads to broad penetration of the international business market and throughout the U.S. and allied defense industrial bases.

The Pentagon, which recently held a public meeting to obtain industry input on the potential impact of the more stringent second requirement, is designing rules outlining implementation. A strict reading of the statute requires the department to demand companies large and small to replace current equipment and internal systems to qualify for Defense Department contracts and business. This demand will ripple through existing and emerging contracts, impacting everyone from the largest multinational contractors down to companies receiving prime contracts under small business set-asides.

When the second part takes effect, companies with Huawei and ZTE equipment or components in their government offerings face significant disruption as they seek alternatives.

Compliance with CMMC and the two parts of Section 889 will come at a cost to both industry and government. Companies will require resources, personnel and money to secure networks against penetration and exploitation. And the department’s imperative to “go faster” on innovative programs will likely run into the competing imperative of protecting the IP that drives innovation.

Thus, collaboration across government and industry is critical in developing effective barriers to cyberthreats at the lowest possible cost to U.S. and allied contractors.

NDIA supports the bipartisan Congressional and administration policies requiring protection of America’s most valuable natural resource — our creativity. The association will ensure our members have a voice during the discussions that help define emerging policies and will provide background and compliance updates at NDIA.org/CMMC.

Additionally, NDIA will continue to act as an honest broker, convening events to drive collaboration and working with policymakers to craft regulations without inadvertently imposing requirements that drive costs without benefit. 

Retired Air Force Gen. Hawk Carlisle is president and CEO of NDIA.

Topics: International