[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 1419 Introduced in Senate (IS)]
<DOC>
117th CONGRESS
1st Session
S. 1419
To require the Secretary of Defense to support and provide incentives
for domestic manufacturing of printed circuit boards, to identify
national security risks in printed circuit boards imported from certain
foreign countries, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
April 28, 2021
Mr. Hawley introduced the following bill; which was read twice and
referred to the Committee on Armed Services
_______________________________________________________________________
A BILL
To require the Secretary of Defense to support and provide incentives
for domestic manufacturing of printed circuit boards, to identify
national security risks in printed circuit boards imported from certain
foreign countries, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Protecting Critical Boards and
Electronics Through Transparency and Enduring Reinvestment Act of
2021'' or the ``PCBETTER Act of 2021''.
SEC. 2. ESTABLISHMENT OF ELECTRONICS SUPPLY CHAIN FUND AND ASSISTANCE
AND INCENTIVES FOR DOMESTIC MANUFACTURING OF PRINTED
CIRCUIT BOARDS.
(a) Establishment of Electronics Supply Chain Fund.--There is
established in the Treasury of the United States a trust fund to be
known as the ``Electronics Supply Chain Fund'' (in this section the
``Fund'').
(b) Contents of Fund.--
(1) In general.--The Fund shall consists of such amounts as
may be appropriated for deposit in the Fund.
(2) Availability.--
(A) In general.--Amounts deposited in the Fund
shall remain available through the end of the tenth
fiscal year beginning after the date on which funds are
first appropriated to the Fund.
(B) Remainder to treasury.--Any amounts remaining
in the Fund after the date specified in subparagraph
(A) shall be deposited in the general fund of the
Treasury.
(c) Use of Fund.--Amounts deposited in the Fund shall be available
to the Secretary of Defense--
(1) to fund the construction, expansion, or modernization
of facilities to develop or manufacture semiconductors,
microelectronics, advanced electronic packaging, and printed
circuit boards;
(2) to carry out subsection (d); and
(3) to carry out section 4(a).
(d) Specific Activities Required.--Using amounts from the Fund, the
Secretary of Defense, in consultation with the Secretary of Commerce,
the Secretary of Homeland Security, the Director of National
Intelligence, and such other officials as the Secretary of Defense
considers appropriate, shall--
(1) promote and deploy technology, including
microelectronics, printed circuit boards, semiconductors, and
related technologies so as to create a commercially competitive
electronics industry in the United States capable of meeting
United States national security needs;
(2) establish production and manufacturing sites for the
technologies described in paragraph (1); and
(3) establish security standards necessary for the
implementation of--
(A) this Act;
(B) section 889 of the John S. McCain National
Defense Authorization Act for Fiscal Year 2019 (Public
Law 115-232; 132 Stat. 1917);
(C) section 224 of the National Defense
Authorization Act for Fiscal Year 2020 (Public Law 116-
92; 10 U.S.C. 2302 note); and
(D) section 841 of the William M. (Mac) Thornberry
National Defense Authorization Act for Fiscal Year 2021
(Public Law 116-283).
(e) Printed Circuit Board Manufacturing as Qualifying Capability.--
The Secretary of Defense shall consider printed circuit board
manufacturing as a qualifying capability when making funds available
for the construction, expansion, or modernization of domestic
development or manufacturing capabilities for semiconductors or
electronic packaging.
SEC. 3. REQUIREMENT THAT CERTAIN PROVIDERS OF SYSTEMS TO DEPARTMENT OF
DEFENSE DISCLOSE THE SOURCE OF PRINTED CIRCUIT BOARDS
WHEN SOURCED FROM CERTAIN COUNTRIES.
(a) Disclosure.--The Secretary of Defense shall require any
provider of a covered system to provide to the Department of Defense,
along with delivery of the covered system, a list of the printed
circuit boards in the covered system that includes, for each printed
circuit board, an attestation of whether--
(1) the printed circuit board was partially or fully
manufactured and assembled in a covered nation;
(2) the printed circuit board was fully manufactured and
assembled outside of a covered nation; or
(3) the provider cannot determine where the printed circuit
board was manufactured and assembled.
(b) Regulations.--Not later than 90 days after the date of the
enactment of this Act, the Secretary shall promulgate such regulations
as are necessary to carry out this section.
(c) Definitions.--In this section:
(1) The term ``covered nation'' includes the following:
(A) The People's Republic of China.
(B) The Russian Federation.
(C) The Democratic People's Republic of North
Korea.
(D) The Islamic Republic of Iran.
(2) The term ``covered system'' means any item, including
commercial items and commercially available off-the-shelf
items, notwithstanding section 3452 of title 10, United States
Code, as redesignated by section 1821(a)(1) of the William M.
(Mac) Thornberry National Defense Authorization Act for Fiscal
Year 2021 (Public Law 116-283), or sections 1906 and 1907 of
title 41, United States Code, that--
(A) has an electronic component;
(B) is provided to the Department of Defense under
a contract that exceeds the simplified acquisition
threshold; and
(C) transmits or stores information including--
(i) telecommunications;
(ii) data communications and storage,
including servers, switches, and networking
systems, but excluding personal data storage
devices, personal computers, desktop computers,
tablets, and handheld equipment;
(iii) information technology security
systems; and
(iv) any other system that the Secretary
determines should be covered.
(3) The term ``manufactured and assembled'', with respect
to a printed circuit board, includes all actions from the
printing of the printed circuit board from raw materials to the
integration of the completed printed circuit board in an end
item or component of an end item.
SEC. 4. DEPARTMENT OF DEFENSE TESTING OF VULNERABILITY OF SYSTEMS WITH
PRINTED CIRCUIT BOARDS FROM CERTAIN COUNTRIES AND
REMEDIATION AND PREVENTION OF SUCH VULNERABILITIES.
(a) Testing.--
(1) Program establishment required.--Not later than one
year after the date of the enactment of this Act, the Secretary
of Defense shall establish a program to test systems owned or
operated by the Department of Defense for vulnerabilities to
foreign interference, sabotage, espionage, and attack.
(2) Required testing for certain systems.--Through the
program established under paragraph (1), the Secretary shall
test each system of the Department that contains at least one
printed circuit board for which a disclosure was made pursuant
to section 3(a) and an attestation was made with respect to
paragraph (1) or (3) of such section.
(3) Methods.--The Secretary shall ensure that the program
established under paragraph (1) uses, to the maximum extent
practicable, best-in-breed testing and detection methods used
by commercial industry, including--
(A) penetration testing;
(B) red teaming; and
(C) inventory auditing.
(b) Remediation.--
(1) Designation.--Whenever informed of a vulnerability in a
system under the program established under subsection (a)(1),
the Secretary shall designate a senior official of the
Department to remediate the vulnerability as soon as
practicable.
(2) Requirements.--Remediation under paragraph (1) shall
include those measures that the designated official determines
necessary to lower the risk to acceptable levels, including--
(A) adding hardware or software to isolate and
contain any malicious printed circuit board;
(B) destruction, deactivation, or replacement of
the system containing the vulnerability; or
(C) physical modification of the system containing
the vulnerability through the insertion of a trusted
printed circuit board or other hardware that does not
contain known vulnerabilities.
(3) Assignment of costs.--
(A) Determination.--Whenever a vulnerability is
found in a system from a contractor through the program
established under subsection (a)(1), the Secretary of
Defense shall determine whether the contractor should
reasonably have discovered the vulnerability prior to
delivery of the system to the Department.
(B) Payment by contractor.--If, pursuant to
subparagraph (A), the Secretary determines that a
contractor should reasonably have discovered the
vulnerability prior to delivery to the Department, the
Secretary may withhold future payments to the
contractor in an amount not to exceed the amount
expended by the Department on remediation of the
affected system.
(C) Presumption.--
(i) In general.--If the Secretary
determines that a vulnerability identified
through the program established under
subsection (a)(1) is the result of any printed
circuit board that the contractor imported from
the People's Republic of China after December
31, 2021, the Secretary shall presume that the
contractor reasonably should have discovered
the vulnerability prior to delivery to the
Department.
(ii) Rebuttal allowed.--The contractor may
rebut a presumption under clause (i) with a
showing of technical impossibility.
(c) Prevention.--Not later than one year after the date of the
enactment of this Act, the Secretary shall promulgate such regulations
as the Secretary considers necessary to require contractors selling
goods or services to the Department that include printed circuit boards
to undertake such due diligence as the Secretary considers appropriate
to prevent the occurrence of vulnerabilities in such goods and
services, including--
(1) certification of the ownership, management, and
security of subcontractors;
(2) conducting penetration testing, red teaming exercises,
and other simulated attacks against the good or service; and
(3) compliance with the Cybersecurity Maturity Model
Certification, or successor model certification.
(d) Annual Reports.--
(1) In general.--Not later than December 31 of each year,
the Secretary of Defense shall submit to the congressional
defense committees a report on the activities carried out under
this section during the preceding fiscal year.
(2) Contents.--Each report submitted under paragraph (1)
shall include, for the period covered by the report, the
following:
(A) The number of systems tested for
vulnerabilities.
(B) The number of systems identified as having a
vulnerability.
(C) The number of systems that the Department has
yet to test under this section.
(D) The identity of any contractors that have been
identified as failing to reasonably discover a
vulnerability in a good or service provided to the
Department of Defense.
(E) Such other information as the Secretary
considers appropriate.
(e) Congressional Defense Committees Defined.--In this section, the
term ``congressional defense committees'' has the meaning given that
term in section 101(a) of title 10, United States Code.
<all>