IN THE SENATE OF THE UNITED STATES
April 28, 2021
Mr. Hawley introduced the following bill; which was read twice and referred to the Committee on Armed Services
To require the Secretary of Defense to support and provide incentives for domestic manufacturing of printed circuit boards, to identify national security risks in printed circuit boards imported from certain foreign countries, and for other purposes.
This Act may be cited as the
Protecting Critical Boards and Electronics Through Transparency and Enduring Reinvestment Act of 2021 or the
PCBETTER Act of 2021.
Establishment of Electronics Supply Chain Fund and assistance and incentives for domestic manufacturing of printed circuit boards
Establishment of Electronics Supply Chain Fund
There is established in the Treasury of the United States a trust fund to be known as the
Electronics Supply Chain Fund (in this section the
Contents of Fund
The Fund shall consists of such amounts as may be appropriated for deposit in the Fund.
Amounts deposited in the Fund shall remain available through the end of the tenth fiscal year beginning after the date on which funds are first appropriated to the Fund.
Remainder to treasury
Any amounts remaining in the Fund after the date specified in subparagraph (A) shall be deposited in the general fund of the Treasury.
Use of fund
Amounts deposited in the Fund shall be available to the Secretary of Defense—
to fund the construction, expansion, or modernization of facilities to develop or manufacture semiconductors, microelectronics, advanced electronic packaging, and printed circuit boards;
to carry out subsection (d); and
to carry out section 4(a).
Specific activities required
Using amounts from the Fund, the Secretary of Defense, in consultation with the Secretary of Commerce, the Secretary of Homeland Security, the Director of National Intelligence, and such other officials as the Secretary of Defense considers appropriate, shall—
promote and deploy technology, including microelectronics, printed circuit boards, semiconductors, and related technologies so as to create a commercially competitive electronics industry in the United States capable of meeting United States national security needs;
establish production and manufacturing sites for the technologies described in paragraph (1); and
establish security standards necessary for the implementation of—
section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 132 Stat. 1917);
section 224 of the National Defense Authorization Act for Fiscal Year 2020 (Public Law 116–92; 10 U.S.C. 2302 note); and
section 841 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116–283).
Printed circuit board manufacturing as qualifying capability
The Secretary of Defense shall consider printed circuit board manufacturing as a qualifying capability when making funds available for the construction, expansion, or modernization of domestic development or manufacturing capabilities for semiconductors or electronic packaging.
Requirement that certain providers of systems to Department of Defense disclose the source of printed circuit boards when sourced from certain countries
The Secretary of Defense shall require any provider of a covered system to provide to the Department of Defense, along with delivery of the covered system, a list of the printed circuit boards in the covered system that includes, for each printed circuit board, an attestation of whether—
the printed circuit board was partially or fully manufactured and assembled in a covered nation;
the printed circuit board was fully manufactured and assembled outside of a covered nation; or
the provider cannot determine where the printed circuit board was manufactured and assembled.
Not later than 90 days after the date of the enactment of this Act, the Secretary shall promulgate such regulations as are necessary to carry out this section.
In this section:
The term covered nation includes the following:
The People's Republic of China.
The Russian Federation.
The Democratic People's Republic of North Korea.
The Islamic Republic of Iran.
The term covered system means any item, including commercial items and commercially available off-the-shelf items, notwithstanding section 3452 of title 10, United States Code, as redesignated by section 1821(a)(1) of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116–283), or sections 1906 and 1907 of title 41, United States Code, that—
has an electronic component;
is provided to the Department of Defense under a contract that exceeds the simplified acquisition threshold; and
transmits or stores information including—
data communications and storage, including servers, switches, and networking systems, but excluding personal data storage devices, personal computers, desktop computers, tablets, and handheld equipment;
information technology security systems; and
any other system that the Secretary determines should be covered.
The term manufactured and assembled, with respect to a printed circuit board, includes all actions from the printing of the printed circuit board from raw materials to the integration of the completed printed circuit board in an end item or component of an end item.
Department of Defense testing of vulnerability of systems with printed circuit boards from certain countries and remediation and prevention of such vulnerabilities
Program establishment required
Not later than one year after the date of the enactment of this Act, the Secretary of Defense shall establish a program to test systems owned or operated by the Department of Defense for vulnerabilities to foreign interference, sabotage, espionage, and attack.
Required testing for certain systems
Through the program established under paragraph (1), the Secretary shall test each system of the Department that contains at least one printed circuit board for which a disclosure was made pursuant to section 3(a) and an attestation was made with respect to paragraph (1) or (3) of such section.
The Secretary shall ensure that the program established under paragraph (1) uses, to the maximum extent practicable, best-in-breed testing and detection methods used by commercial industry, including—
red teaming; and
Whenever informed of a vulnerability in a system under the program established under subsection (a)(1), the Secretary shall designate a senior official of the Department to remediate the vulnerability as soon as practicable.
Remediation under paragraph (1) shall include those measures that the designated official determines necessary to lower the risk to acceptable levels, including—
adding hardware or software to isolate and contain any malicious printed circuit board;
destruction, deactivation, or replacement of the system containing the vulnerability; or
physical modification of the system containing the vulnerability through the insertion of a trusted printed circuit board or other hardware that does not contain known vulnerabilities.
Assignment of costs
Whenever a vulnerability is found in a system from a contractor through the program established under subsection (a)(1), the Secretary of Defense shall determine whether the contractor should reasonably have discovered the vulnerability prior to delivery of the system to the Department.
Payment by contractor
If, pursuant to subparagraph (A), the Secretary determines that a contractor should reasonably have discovered the vulnerability prior to delivery to the Department, the Secretary may withhold future payments to the contractor in an amount not to exceed the amount expended by the Department on remediation of the affected system.
If the Secretary determines that a vulnerability identified through the program established under subsection (a)(1) is the result of any printed circuit board that the contractor imported from the People’s Republic of China after December 31, 2021, the Secretary shall presume that the contractor reasonably should have discovered the vulnerability prior to delivery to the Department.
The contractor may rebut a presumption under clause (i) with a showing of technical impossibility.
Not later than one year after the date of the enactment of this Act, the Secretary shall promulgate such regulations as the Secretary considers necessary to require contractors selling goods or services to the Department that include printed circuit boards to undertake such due diligence as the Secretary considers appropriate to prevent the occurrence of vulnerabilities in such goods and services, including—
certification of the ownership, management, and security of subcontractors;
conducting penetration testing, red teaming exercises, and other simulated attacks against the good or service; and
compliance with the Cybersecurity Maturity Model Certification, or successor model certification.
Not later than December 31 of each year, the Secretary of Defense shall submit to the congressional defense committees a report on the activities carried out under this section during the preceding fiscal year.
Each report submitted under paragraph (1) shall include, for the period covered by the report, the following:
The number of systems tested for vulnerabilities.
The number of systems identified as having a vulnerability.
The number of systems that the Department has yet to test under this section.
The identity of any contractors that have been identified as failing to reasonably discover a vulnerability in a good or service provided to the Department of Defense.
Such other information as the Secretary considers appropriate.
Congressional defense committees defined
In this section, the term congressional defense committees has the meaning given that term in section 101(a) of title 10, United States Code.