At an Armed Services Committee hearing March 6 on worldwide national security threats, U.S. Senator Claire McCaskill raised concerns over U.S. companies compelled to provide proprietary information on weapons and security programs to nations like Russia and China as a condition of doing business, potentially weakening national security.
“I… wanted to ask you quickly about the security of our supply chain for our weapons systems,” McCaskill said. This is something that really concerns me. We now know that the requirements of both China and Russia to review proprietary information of United States companies in return for opening their markets to United States companies, could cause real problems down the line. Do either of you support that we should require U.S. companies to tell us if Russia or China is requiring them to open up their propriety source code as a condition of doing commerce with those two countries?”
Lieutenant General Robert P. Ashley, Jr., Director of the Defense Intelligence Agency responded: “… the supply chain risk management, the point you bring up is critical. And we have to be really much more cognizant and less naïve about where our technology is coming from—especially on the acquisition side.”
McCaskill continued: “I would really like recommendations from both of you, on what we can do in the [annual defense bill] to give you the legal tools necessary to require U.S. companies to let us know when they’ve been required to reveal source code and important proprietary software in order to do business with people that are not always our friends. And secondly, what you would do to require more transparency with subcontractors for the protection of our weapons systems supply chains… I think this committee, on a bipartisan basis, would be interested in giving you whatever tools necessary for that really desperately needed protection.”
McCaskill, the top-ranking Democrat on the Homeland Security and Governmental Affairs Committee, has called on the Department of Homeland Security to provide answers as to what it is doing to ensure agencies comply with its ban on use of Russian-based Kaspersky Lab products on American government systems, and why it took the agency so long to issue the ban. The Department of Homeland Security issued the ban last September, four months after administration officials publicly expressed concerns over Kaspersky products to the Senate Select Committee on Intelligence.