[House Report 115-907]
[From the U.S. Government Publishing Office]


115th Congress   }                                     {        Report
                        HOUSE OF REPRESENTATIVES
 2d Session      }                                     {       115-907

======================================================================



 
        SECURING THE HOMELAND SECURITY SUPPLY CHAIN ACT OF 2018

                                _______
                                

August 28, 2018.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

  Mr. McCaul, from the Committee on Homeland Security, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 6430]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security, to whom was referred 
the bill (H.R. 6430) to amend the Homeland Security Act of 2002 
to authorize the Secretary of Homeland Security to implement 
certain requirements for information relating to supply chain 
risk, and for other purposes, having considered the same, 
report favorably thereon without amendment and recommend that 
the bill do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     2
Background and Need for Legislation..............................     2
Hearings.........................................................     3
Committee Consideration..........................................     3
Committee Votes..................................................     3
Committee Oversight Findings.....................................     3
New Budget Authority, Entitlement Authority, and Tax Expenditures     3
Congressional Budget Office Estimate.............................     4
Statement of General Performance Goals and Objectives............     5
Duplicative Federal Programs.....................................     5
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
  Benefits.......................................................     5
Federal Mandates Statement.......................................     5
Preemption Clarification.........................................     5
Disclosure of Directed Rule Makings..............................     5
Advisory Committee Statement.....................................     6
Applicability to Legislative Branch..............................     6
Section-by-Section Analysis of the Legislation...................     6
Changes in Existing Law Made by the Bill, as Reported............     7

                          Purpose and Summary

    The purpose of H.R. 6430 is to provide the Secretary of 
Homeland Security with the authority to restrict certain 
procurements related to information technology and associated 
products if, following a risk assessment, it is determined the 
vendor poses a threat to the DHS supply chain. If such a 
restriction is made, the Secretary is permitted to limit the 
amount of information disclosed about the decision-making 
process.

                  Background and Need for Legislation

    Federal agencies rely on contractors to provide them with 
products and services to carry out their missions and the 
Department of Homeland Security (DHS) is no exception. This 
could put an agency, such as DHS, at risk if the products and 
services supplied are exploited to introduce vulnerabilities 
into the Department's supply chain.
    The legislation provides the Secretary of Homeland Security 
with authority to restrict certain procurements related to 
information technology and associated products if, following a 
risk assessment, it is determined the vendor poses a threat to 
the DHS supply chain. If such a restriction is made, the 
Secretary is permitted to limit the amount of information 
disclosed about the decision-making process.
    The complexity of the global supply chain can make 
identifying threats accurately a challenge. In the words of the 
Government Accountability Office (GAO), the complicated global 
economy means that ``. . . agencies may have little visibility 
into, understanding of, or control over how the technology that 
they acquire is developed, integrated, and deployed . . .''\1\ 
Recent public reports about potential supply chain threats 
linked to foreign-based firms such as Kaspersky, ZTE, and 
Huawei highlight the pervasive and growing threats to the 
federal supply chain.
---------------------------------------------------------------------------
    \1\``State Department Telecommunications: Information on Vendors 
and Cyber-Threat Nations,'' The Government Accountability Office, July 
27, 2017. Accessed at: https://www.gao.gov/assets/690/686197.pdf.
---------------------------------------------------------------------------
    During a July 2018 hearing, DHS witnesses testified about 
their lack of authority to assess and mitigate risks to the 
supply chain during the procurement process and the need for 
more authority. One witness stated, ``Gaps exist in the 
Department's authority to use intelligence to support its 
procurement decisions when a significant supply chain risk 
cannot be mitigated. . . . [I]n those exceptional cases where 
mitigation is not possible the Department needs the capability 
to react swiftly while appropriately restricting the disclosure 
of other national security sensitive information.''\2\
---------------------------------------------------------------------------
    \2\Oral testimony of Dr. John Zangardi, ``Access Denied: Keeping 
Adversaries Away from the Homeland Security Supply Chain,'' Joint 
Subcommittee on Counterterrorism and Intelligence and the Subcommittee 
on Oversight, Management, and Efficiency Hearing, July 12, 2018.
---------------------------------------------------------------------------
    In 2011, Congress granted the Department of Defense (DOD) 
special authorities to protect their procurement process. 
Section 806 of the National Defense Authorization Act (P.L. 
111-383) gave DOD the authority to proactively prevent an 
entity or source from being selected during a procurement 
process if the Secretary of Defense determines, after a risk 
assessment, that the use of the source presents a risk to the 
supply chain. The Intelligence Community has a similar 
exclusion power.\3\ On June 19, 2018, the Senate Homeland 
Security and Governmental Affairs Committee released the 
bipartisan ``Federal Acquisition Supply Chain Security Act 
(FASCSA) of 2018'' to develop a government-wide SCRM policy. On 
July 10, 2018, the White House released a draft legislative 
proposal, similar to the Federal Acquisition Supply Chain 
Security Act. The authority in H.R. 6430, is based on DOD's 
Section 806 authority and includes important components from 
the OMB proposal.
---------------------------------------------------------------------------
    \3\See Section 309 of the Intelligence Authorization Act for FY 
2012 (Pub. L. 112-87), entitled ``Enhanced Procurement Authority to 
Manage Supply Chain Risk'' and codified at 50 U.S.C. Sec. 3329, note.
---------------------------------------------------------------------------

                                Hearings

    No hearings were specifically held on H.R. 6430. However, 
the Committee held an investigative hearing on protecting the 
Department of Homeland Security's vendor processes. On 
Thursday, July 12, 2018, the Subcommittee on Counterterrorism 
and Intelligence and the Subcommittee on Oversight and 
Management Efficiency of the Committee on Homeland Security 
held a hearing entitled ``Access Denied: Keeping Adversaries 
Away from the Homeland Security Supply Chain''. The 
Subcommittees received testimony from Ms. Soraya Correa, Chief 
Procurement Officer; Dr. John Zangardi, Chief Information 
Officer; Ms. Jeanette Manfra, Assistant Secretary in the Office 
of Cybersecurity and Communications, National Protection and 
Programs Directorate; Ms. Tina W. Gabbrielli, Acting Deputy 
Under Secretary for Intelligence Enterprise Operations; and Mr. 
Gregory Wilshusen, Director of Information Security Issues, 
Government Accountability Office.

                        Committee Consideration

    The Committee met on July 24, 2018, to consider H.R. 6430, 
and ordered the measure to be reported to the House with a 
favorable recommendation, without amendment, by unanimous 
consent.

                            Committee Votes

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the recorded 
votes on the motion to report legislation and amendments 
thereto.
    No recorded votes were requested during consideration of 
H.R. 6430.

                      Committee Oversight Findings

    Pursuant to clause 3(c)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee has held oversight 
hearings and made findings that are reflected in this report.

   New Budget Authority, Entitlement Authority, and Tax Expenditures

    In compliance with clause 3(c)(2) of rule XIII of the Rules 
of the House of Representatives, the Committee finds that H.R. 
6430, the Securing the Homeland Security Supply Chain Act of 
2018, would result in no new or increased budget authority, 
entitlement authority, or tax expenditures or revenues.

                  Congressional Budget Office Estimate

    The Committee adopts as its own the cost estimate prepared 
by the Director of the Congressional Budget Office pursuant to 
section 402 of the Congressional Budget Act of 1974.

                                     U.S. Congress,
                               Congressional Budget Office,
                                    Washington, DC, August 6, 2018.
Hon. Michael McCaul,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for Department of Homeland 
Security legislation ordered reported by the Committee on 
Homeland Security on July 24, 2018.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Mark 
Grabowicz.
            Sincerely,
                                                Keith Hall,
                                                          Director.
    Enclosure.

Department of Homeland Security Legislation

    On July 24, the House Committee on Homeland Security 
ordered three bills to be reported. The bills are:
           H.R. 6400, the United States Ports of Entry 
        Threat and Operational Review Act;
           H.R. 6430, the Securing the Homeland 
        Security Supply Chain Act of 2018; and
           H.R. 6438, the DHS Countering Unmanned 
        Aircraft Systems Coordinator Act.
    H.R. 6400 would require the Department of Homeland Security 
(DHS) to prepare an analysis of security issues at U.S. ports 
of entry and a plan to mitigate threats to ports. H.R. 6430 
would authorize DHS to take certain actions to improve the 
security of information and telecommunications systems acquired 
by the department. H.R. 6438 would direct DHS to designate one 
of its officials to coordinate the department's efforts to 
combat threats from unmanned aircraft systems (or drones).
    CBO estimates that enacting those bills would not 
significantly affect spending by DHS in any fiscal year because 
the department could implement each bill with minimal 
additional personnel.
    Enacting the bills would not affect direct spending or 
revenues; therefore, pay-as-you-go procedures do not apply.
    CBO estimates that enacting the bills would not increase 
net direct spending or on-budget deficits in any of the four 
consecutive 10-year periods beginning in 2029.
    None of the bills contain intergovernmental or private-
sector mandates as defined in the Unfunded Mandates Reform Act.
    The CBO staff contact for this estimate is Mark Grabowicz. 
The estimate was reviewed by H. Samuel Papenfuss, Deputy 
Assistant Director for Budget Analysis.

         Statement of General Performance Goals and Objectives

    Pursuant to clause 3(c)(4) of rule XIII of the Rules of the 
House of Representatives, H.R. 6430 contains the following 
general performance goals and objectives, including outcome 
related goals and objectives authorized. H.R. 6430 authorizes 
the Secretary of Homeland Security to restrict certain 
procurements related to information technology and associated 
products if it is determined that the procurement poses a 
national security risk. The bill requires the Secretary to 
notify the appropriate Committees of the Senate and House of 
Representatives, as well as the Office of Management and Budget 
and the vendor of the risk determination. The bill also 
requires the Secretary to review existing procedures and 
guidelines used by the Department of Defense when developing 
the procedures and guidelines for the Department of Homeland 
Security. Lastly, the bill requires the Secretary to review any 
supply chain restrictions determined under the Act on an annual 
basis.

                      Duplicative Federal Programs

    Pursuant to clause 3(c) of rule XIII, the Committee finds 
that H.R. 6430 does not contain any provision that establishes 
or reauthorizes a program known to be duplicative of another 
Federal program.

   Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
                                Benefits

    In compliance with rule XXI of the Rules of the House of 
Representatives, this bill, as reported, contains no 
congressional earmarks, limited tax benefits, or limited tariff 
benefits as defined in clause 9(e), 9(f), or 9(g) of the rule 
XXI.

                       Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                        Preemption Clarification

    In compliance with section 423 of the Congressional Budget 
Act of 1974, requiring the report of any Committee on a bill or 
joint resolution to include a statement on the extent to which 
the bill or joint resolution is intended to preempt State, 
local, or Tribal law, the Committee finds that H.R. 6430 does 
not preempt any State, local, or Tribal law.

                  Disclosure of Directed Rule Makings

    The Committee estimates that H.R. 6430 would require no 
directed rule makings.

                      Advisory Committee Statement

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             Section-by-Section Analysis of the Legislation


Section 1. Short title

    This section provides that this bill may be cited as the 
``Securing the Homeland Security Supply Chain Act of 2018''.

Sec. 2. Department Of Homeland Security requirements for information 
        relating to supply chain risk

    This section establishes a new Section 836 in the Homeland 
Security Act as follows:
    Subsection (a) authorizes the Secretary of Homeland 
Security to take the following actions related to the 
procurement of a covered article, which includes information 
technology, telecommunications items, databases, and associated 
hardware and services:
          1. exclude a source from the procurement process if 
        the source fails to meet established supply chain risk 
        standards or is determined not to be a responsible 
        source; and direct a contractor to exclude a particular 
        source for a subcontract;
          2. limit the information disclosed, including 
        classified information, about the basis for carrying 
        out a covered procurement action; and
          3. exclude a source, if identified to be a threat, 
        from procurements or contracts across the Department.
    Subsection (b) authorizes the Secretary to take the action 
permitted in subsection (a) only after:
          1. obtaining a joint recommendation from the 
        Department's Chief Acquisition Officer and Chief 
        Information Officer that there is a significant supply 
        chain risk in a covered procurement;
          2. providing notice of the recommendation to any 
        source named in such recommendation and allowing that 
        source 30 days to submit information in response;
          3. notifying the relevant Departmental components of 
        the risk;
          4. documenting in writing the determination that the 
        use of the authority is necessary; there are no less 
        intrusive measures available to reduce the risk; that 
        disclosing information about the risk and the 
        procurement would pose a greater risk to national 
        security; and whether the exclusion will apply to a 
        single covered procurement or a class of covered 
        procurements;
          5. providing notice of the determination to the 
        Committee on Homeland Security of the House and the 
        Committee on Homeland Security and Governmental Affairs 
        of the Senate;
          6. notifying the Director of the Office of Management 
        and Budget, and other appropriate Federal agencies; and
          7. taking steps necessary to maintain the 
        confidentiality of any notifications made under this 
        subsection.
    Subsection (c) allows the Secretary to delay the 
notification requirements in subsection (b) to the source named 
in the recommendation, Congress, and the Office of Management 
and Budget, and still make a determination to exclude a source 
under subsection (b)(4) if there is an urgent national security 
reason for an immediate use of the authorities in subsection 
(a). Once the national security issue has been addressed, the 
Secretary must take action to complete the notification 
requirements.
    Subsection (d) requires the Secretary to review all of the 
exclusion determinations made pursuant to subsection (b) on an 
annual basis.
    Subsection (e) prohibits the Secretary from delegating the 
authority in subsection (a) or subsection (d) to any 
Departmental official below the Deputy Secretary level.
    Subsection (f) exempts any action taken under subsection 
(a) from review under a bid protest through the Government 
Accountability Office or in Federal Court.
    Subsection (g) requires the Secretary to review similar 
procedures and guidelines used by the Department of Defense 
when developing the procedures and guidelines for the 
Department of Homeland Security.
    Subsection (h) defines the following terms: ``covered 
article,'' ``covered procurement,'' ``covered procurement 
action,'' ``information technology,'' ``responsible source,'' 
``supply chain risk,'' ``telecommunications equipment,'' and 
``telecommunications service.''
    Subsection (i) sets 90 days after enactment as the 
effective date for the authorities described in this section.
    In addition, this section exempts the Secretary from public 
notice and meeting requirements related to the Federal 
rulemaking procedures established under section 553 of Title 5 
and section 1707 of Title 41.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (new matter is 
printed in italic and existing law in which no change is 
proposed is shown in roman):

                     HOMELAND SECURITY ACT OF 2002


SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

  (a) Short Title.--This Act may be cited as the ``Homeland 
Security Act of 2002''.
  (b) Table of Contents.--The table of contents for this Act is 
as follows:

Sec. 1. Short title; table of contents.
     * * * * * * *

 TITLE VIII--COORDINATION WITH NON-FEDERAL ENTITIES; INSPECTOR GENERAL; 
      UNITED STATES SECRET SERVICE; COAST GUARD; GENERAL PROVISIONS

     * * * * * * *

                        Subtitle D--Acquisitions

     * * * * * * *
Sec. 836. Requirements for information relating to supply chain risk.

           *       *       *       *       *       *       *


TITLE VIII--COORDINATION WITH NON-FEDERAL ENTITIES; INSPECTOR GENERAL; 
UNITED STATES SECRET SERVICE; COAST GUARD; GENERAL PROVISIONS

           *       *       *       *       *       *       *


Subtitle D--Acquisitions

           *       *       *       *       *       *       *


SEC. 836. REQUIREMENTS FOR INFORMATION RELATING TO SUPPLY CHAIN RISK.

  (a) Authority.--Subject to subsection (b), the Secretary 
may--
          (1) carry out a covered procurement action;
          (2) limit, notwithstanding any other provision of 
        law, in whole or in part, the disclosure of 
        information, including classified information, relating 
        to the basis for carrying out such an action; and
          (3) exclude, in whole or in part, a source carried 
        out in the course of such an action applicable to a 
        covered procurement of the Department.
  (b) Determination and Notification.--Except as authorized by 
subsection (c) to address an urgent national security interest, 
the Secretary may exercise the authority provided in subsection 
(a) only after--
          (1) obtaining a joint recommendation, in unclassified 
        or classified form, from the Chief Acquisition Officer 
        and the Chief Information Officer of Department, 
        including a review of any risk assessment made 
        available by an appropriate person or entity, that 
        there is a significant supply chain risk in a covered 
        procurement;
          (2) notifying any source named in the joint 
        recommendation described in paragraph (1) advising--
                  (A) that a recommendation has been obtained;
                  (B) to the extent consistent with the 
                national security and law enforcement 
                interests, the basis for such recommendation;
                  (C) that, within 30 days after receipt of 
                notice, such source may submit information and 
                argument in opposition to such recommendation; 
                and
                  (D) of the procedures governing the 
                consideration of such submission and the 
                possible exercise of the authority provided in 
                subsection (a);
          (3) notifying the relevant components of the 
        Department that such risk assessment has demonstrated 
        significant supply chain risk to a covered procurement; 
        and
          (4) making a determination in writing, in 
        unclassified or classified form, that after considering 
        any information submitted by a source under paragraph 
        (2), and in consultation with the Chief Information 
        Officer of the Department, that--
                  (A) use of authority under subsection (a)(1) 
                is necessary to protect national security by 
                reducing supply chain risk;
                  (B) less intrusive measures are not 
                reasonably available to reduce such risk;
                  (C) a decision to limit disclosure of 
                information under subsection (a)(2) is 
                necessary to protect national security 
                interest; and
                  (D) the use of such authorities will apply to 
                a single covered procurement or a class of 
                covered procurements, and otherwise specifies 
                the scope of such determination;
          (5) providing to the Committee on Homeland Security 
        of the House of Representatives and the Committee on 
        Homeland Security and Governmental Affairs of the 
        Senate a classified or unclassified notice of the 
        determination made under paragraph (4) that includes--
                  (A) the joint recommendation described in 
                paragraph (1);
                  (B) a summary of any risk assessment reviewed 
                in support of such joint recommendation; and
                  (C) a summary of the basis for such 
                determination, including a discussion of less 
                intrusive measures that were considered and why 
                such measures were not reasonably available to 
                reduce supply chain risk;
          (6) notifying the Director of the Office of 
        Management and Budget, and the heads of other Federal 
        agencies as appropriate, in a manner and to the extent 
        consistent with the requirements of national security; 
        and
          (7) taking steps to maintain the confidentiality of 
        any notifications under this subsection.
  (c) Procedures to Address Urgent National Security 
Interests.--In any case in which the Secretary determines that 
national security interests require the immediate exercise of 
the authorities under subsection (a), the Secretary--
          (1) may, to the extent necessary to address any such 
        national security interest, and subject to the 
        conditions specified in paragraph (2)--
                  (A) temporarily delay the notice required by 
                subsection (b)(2);
                  (B) make the determination required by 
                subsection (b)(4), regardless of whether the 
                notice required by subsection (b)(2) has been 
                provided or whether the notified source at 
                issue has submitted any information in response 
                to such notice;
                  (C) temporarily delay the notice required by 
                subsections (b)(4) and (b)(5); and
                  (D) exercise the authority provided in 
                subsection (a) in accordance with such 
                determination; and
          (2) shall take actions necessary to comply with all 
        requirements of subsection (b) as soon as practicable 
        after addressing the urgent national security interest 
        that is the subject of paragraph (1), including--
                  (A) providing the notice required by 
                subsection (b)(2);
                  (B) promptly considering any information 
                submitted by the source at issue in response to 
                such notice, and making any appropriate 
                modifications to the determination required by 
                subsection (b)(4) based on such information; 
                and
                  (C) providing the notice required by 
                subsections (b)(5) and (b)(6), including a 
                description of such urgent national security, 
                and any modifications to such determination 
                made in accordance with subparagraph (B).
  (d) Annual Review of Determinations.--The Secretary shall 
annually review all determinations made under subsection (b).
  (e) Delegation.--The Secretary may not delegate the authority 
provided in subsection (a) or the responsibility identified in 
subsection (d) to an official below the Deputy Secretary.
  (f) Limitation of Review.--Notwithstanding any other 
provision of law, no action taken by the Secretary under 
subsection (a) may be subject to review in a bid protest before 
the Government Accountability Office or in any Federal court.
  (g) Consultation.--In developing procedures and guidelines 
for the implementation of the authorities described in this 
section, the Secretary shall review the procedures and 
guidelines utilized by the Department of Defense to carry out 
similar authorities.
  (h) Definitions.--In this section:
          (1) Covered article.--The term ``covered article'' 
        means:
                  (A) Information technology, including cloud 
                computing services of all types.
                  (B) Telecommunications equipment.
                  (C) Telecommunications services.
                  (D) The processing of information on a 
                Federal or non-Federal information system, 
                subject to the requirements of the Controlled 
                Unclassified Information program of the 
                Department.
                  (E) Hardware, systems, devices, software, or 
                services that include embedded or incidental 
                information technology.
          (2) Covered procurement.--The term ``covered 
        procurement'' means--
                  (A) a source selection for a covered article 
                involving either a performance specification, 
                as provided in subsection (a)(3)(B) of section 
                3306 of title 41, United States Code, or an 
                evaluation factor, as provided in subsection 
                (c)(1)(A) of such section, relating to supply 
                chain risk, or with respect to which supply 
                chain risk considerations are included in the 
                Department's determination of whether a source 
                is a responsible source as defined in section 
                113 of such title;
                  (B) the consideration of proposals for and 
                issuance of a task or delivery order for a 
                covered article, as provided in section 
                4106(d)(3) of title 41, United States Code, 
                with respect to which the task or delivery 
                order contract includes a contract clause 
                establishing a requirement relating to supply 
                chain risk;
                  (C) any contract action involving a contract 
                for a covered article with respect to which 
                such contract includes a clause establishing 
                requirements relating to supply chain risk; or
                  (D) any procurement made via Government 
                Purchase Care for a covered article when supply 
                chain risk has been identified as a concern.
          (3) Covered procurement action.--The term ``covered 
        procurement action'' means any of the following 
        actions, if such action takes place in the course of 
        conducting a covered procurement:
                  (A) The exclusion of a source that fails to 
                meet qualification requirements established 
                pursuant to section 3311 of title 41, United 
                States Code, for the purpose of reducing supply 
                chain risk in the acquisition or use of a 
                covered article.
                  (B) The exclusion of a source that fails to 
                achieve an acceptable rating with regard to an 
                evaluation factor providing for the 
                consideration of supply chain risk in the 
                evaluation of proposals for the award of a 
                contract or the issuance of a task or delivery 
                order.
                  (C) The determination that a source is not a 
                responsible source based on considerations of 
                supply chain risk.
                  (D) The decision to withhold consent for a 
                contractor to subcontract with a particular 
                source or to direct a contractor to exclude a 
                particular source from consideration for a 
                subcontract.
          (4) Information system.--The term ``information 
        system'' has the meaning given such term in section 
        3502 of title 44, United States Code.
          (5) Information technology.--The term ``information 
        technology'' has the meaning given such term in section 
        11101 of title 40, United States Code.
          (6) Responsible source.--The term ``responsible 
        source'' has the meaning given such term in section 113 
        of title 41, United States Code.
          (7) Supply chain risk.--The term ``supply chain 
        risk'' means the risk that a malicious actor may 
        sabotage, maliciously introduce an unwanted function, 
        extract or modify data, or otherwise manipulate the 
        design, integrity, manufacturing, production, 
        distribution, installation, operation, or maintenance 
        of a covered article so as to surveil, deny, disrupt, 
        or otherwise manipulate the function, use, or operation 
        of the information technology or information stored or 
        transmitted on the covered articles.
          (8) Telecommunications equipment.--The term 
        ``telecommunications equipment'' has the meaning given 
        such term in section 153(52) of title 47, United States 
        Code.
          (9) Telecommunications service.--The term 
        ``telecommunications service'' has the meaning given 
        such term in section 153(53) of title 47, United States 
        Code.
  (i) Effective Date.--The requirements of this section shall 
take effect on the date that is 90 days after the date of the 
enactment of this Act and shall apply to--
          (1) contracts awarded on or after such date; and
          (2) task and delivery orders issued on or after such 
        date pursuant to contracts awarded before, on, or after 
        such date.

           *       *       *       *       *       *       *


                                  [all]