S 3454 Amendments – Intelligence Authorization Act

There is an interesting note on the House BillsThisWeek website about the possible consideration of S 3454, The Intelligence Authorization Act for FY 2013. Typically Senate bills are listed on this site only after they have passed in the Senate and are ready for consideration by the House. This bill, however, has not even begun consideration in the Senate, though it has been on the Senate Calendar since July. This is a high-profile authorization bill, so it may be brought up for consideration in the Senate today.

The other interesting thing about this notice is that the version of the bill is not the one introduced in the Senate by Sen. Feinstein (D,CA). It is instead an amendment in the nature of a substitute that has yet to be offered, officially, by Ms. Feinstein. There wasn’t anything in the original bill that really caught my attention, but that is not true of this substitute language.

Cyber Supply Chain Security

Section 503 of the proposed amendment addresses supply chain security measures for the “telecommunications networks of the United States”. It defines those networks as including{§503(c)}:

• Telephone systems;

• Internet systems;

• Fiber optic lines, including cable landings;

• Computer networks; and

• Smart grid technology under development by the Department of Energy.

The section requires the Director of National Intelligence (DNI) to produce a report within 90 days (awfully short reporting deadline if the research hasn’t already been done) that “identifies foreign suppliers of information technology (including equipment, software, and services) that are linked directly or indirectly to a foreign government” {§503(a)(1)}. It further defines those linkages as including:

• By ties to the military forces of a foreign government;

• By ties to the intelligence services of a foreign government; or

• By being the beneficiaries of significant low interest or no interest loans, loan forgiveness, or other support by a foreign government;

While this is almost certainly being targeted at various Chinese suppliers of cyber equipment and services, the final part of the definition could include any number of international suppliers depending on how sweeping the definition of  “other support” is employed by the DNI.

Most interestingly the report by the DNI is required to be unclassified {§503(b)} though classified annexes may be included. This almost insures that the report is intended to be publicly disclosed.

Moving Forward

It is entirely possible that the Senate could take up this bill today under a unanimous consent agreement and adopt the bill without discussion. The bill would then be taken up by the House if/when it meets in final session for the year under suspension of the rules with limited debate and no amendments. There is even the remote possibility that the bill could be considered without objection in a pro forma session of the House.