DOD’s IT supply chain has dozens of suppliers from China, report finds
A report from data analytics firm Govini shows that the Department of Defense‘s IT supply chains has dozens of Chinese companies in it. It is unclear how much work, products or services come from these companies and in what way, but it still is a significant risk, according to Govini’s CEO.
“The volume alone is important because it just amplifies the risk,” Tara Murphy Dougherty, a former DOD official and CEO of Govini, said in an interview.
The report found several dozen Chinese suppliers from the IT, software and telecommunications equipment industries in a sample of more than 1,000 prime defense contractors’ supply chains.
Govini’s findings come as the federal government, including the DOD, has been required by law to remove certain Chinese-owned technology firms from it its supply chains as of Aug. 13. The law, Section 889, Part B of the National Defense Authorization Act of 2019, goes as far as to bar the government from doing business with any contractor that “uses” the technology from Chinese companies like Huawei, ZTE and others.
The report also highlights a critical issue DOD has been warning its contractors about, especially during the coronavirus pandemic. Early in the economic slump brought by the pandemic, Ellen Lord, undersecretary for acquisition and sustainment, warned companies to be vigilant of adversarial investments or other ways the nation’s biggest adversaries could try to infiltrate the defense industrial base or poach American innovation.
It’s a problem DOD has recognized, but one that Dougherty said she was still shocked to see quantified. The report shows the “incredibly negative externality the department has to grapple with,” she said. “There is a much greater impact than was actually understood,” she added.
The risks of foreign — and Chinese, in particular — goods in the defense supply chain is greatest in the IT and software industries, Dougherty said. With technology, there is a risk of malicious code or cyber loopholes being placed in DOD products that can slip through the authority to operate process. It is a similar concern to Huawei’s presence in the U.S. commercial market, but with a greater impact since it directly involves national security.
The report also tracked data from other sectors, showing far more foreign-owned companies in the second-, third- and fourth-tier suppliers than U.S. companies. U.S.-owned firms made up the vast majority of prime contractors.
Dougherty said that so far, parts of the DOD have been “very effective” at recognizing and addressing the ownership of its contractors. But there has yet to be a “comprehensive, enterprise-level decision” about how they are going to address it. The DOD has received and pushed for more federal funding to assist and shore up contractors that are at risk of closing their doors due to the economic impacts of the pandemic.
“From my experience … the reality is it takes too long to change these things,” Dougherty said