New sourcing rules for China IT remain a work in progress
Two months after becoming law, restrictions and their impact remain unclear to industry and agencies alike.
New rules intended to inhibit acquisitions from companies with ties to the Chinese government are giving affected agenices some trouble. (Stock image)
A cybersecurity provision tucked away in the continuing resolution that currently funds the government requires four agencies to take special measures before acquiring technology gear from companies with ties to the Chinese government. Two months after the continuing resolution was signed into law, however, it remains hard to measure the impact of the new rules.
Taken at face value, the appropriation for the Commerce and Justice departments, NASA and the National Science Foundation puts sharp restrictions on the ability of those agencies to use fiscal 2013 funding to acquire IT systems with Chinese components in their supply chain. Agency heads must assess the risk of such a system in consultation with the FBI or other federal agencies with cybersecurity expertise, and report acquisitions of such systems to the appropriation committees in Congress.
"All of the agencies should be in compliance," said Rep. Frank Wolf (R-Va.), chairman of the Appropriations subcommittee that funds the affected agencies, the architect of the new rules. "It's a law. There will be a price to pay in the budget if they're out of compliance."
Compliance is apparently taking some time. A Commerce Department spokesperson told FCW that the agency is, "in the process of developing a new risk management process for IT procurement in response to language in the FY13 congressional appropriation." None of the other agencies subject to the new rules provided responses about how they are implementing the new law by press time.
There are anecdotal reports that funding is being held up by some agencies as a result of uncertainty surrounding the new rules. "There are lots of questions and no answers right now," said Pamela Richardson Walker, who is watching this issue for the trade association TechAmerica, which strongly opposed the sourcing restrictions in the continuing resolution. While member companies would not go on the record to discuss the issue, Walker said that many are looking to the government to provide clarity and consistency about the implementation of the rules.
Wolf's rules found their way into the continuing resolution in large part due to bipartisan outrage about alleged intellectual property theft by Chinese firms Huawei and ZTE. However, the new rules do more than just exclude a few Chinese-owned firms with strong government ties – they potentially could put restrictions on equipment from American companies that include transistors, resistors, and other components sourced from Chinese firms.
As TechAmerica's senior vice president for global public sector Trey Hodgkins told FCW in March, "You'd be hard-pressed to find a technology product that isn't touched in some way by a company with a PRC presence. Government can't afford to buy technologies with a bulletproof supply chain. The commercial business model doesn't provide for it."
The measure doesn't appear to have shown up in contract solicitations yet, according to Nathaniel Kulyk, who covers NASA and the Justice Department as a research analyst at Deltek. There is contract language related to existing law forbidding bilateral programming between NASA and the China government or Chinese-owned companies. "It will be interesting to see if, in the coming weeks and months, whether there are additional contract clauses that relate to funding and restrictions with China, and what impact that will have on procurements," Kulyk said.
One place to look for the impact of the sourcing provisions in the continuing resolution is NASA's Solutions for Enterprise-Wide Procurement (SEWP), a government-wide procurement solicitation. The fifth version – SEWP-V -- is expected to be released in late June.
Nearly every government agency uses SEWP to procure computers, servers, software, network equipment, cloud storage and other components of IT systems, and vendors who are on the vehicle have the right to compete for billions of dollars in IT contracts. If NASA's take on the restrictions in the new law puts tight supply chain rules in place, companies will be faced with a stark choice – find a way to comply or potentially miss out on one of the most lucrative IT vehicles in the federal portfolio.
NEXT STORY: The dangers of checklists