The pending House defense bill contains new provisions that would restrict the Pentagon from buying equipment from Chinese or Russian telecommunications firms over cyber attack fears.
A section of the fiscal 2018 defense authorization legislation calls for protecting the security of the nuclear command and control and communications systems from the threat of hacking and cyber attacks from Beijing or Moscow.
If passed into law later this year, the bill specifies the secretary of defense must certify whether the Pentagon is using telecommunications equipment provided by Chinese-military linked companies, Huawei Technologies or the ZTE Corp., or Russian firms.
The bill then states the defense secretary may not approve any contracts for equipment or services from the two firms, as well as any equipment produced in Russia.
The provision was added to the House Armed Services subcommittee on strategic forces portion of the authorization bill by Rep. Mike Rogers (R., Ala.) the subcommittee's chairman.
The subcommittee's portion of the authorization was marked up and approved Thursday.
The language follows disclosure in the Washington Free Beacon that ZTE was selling equipment to the Pentagon and Department of Homeland Security through an American defense contractor. The subcontract had raised cyber security concerns, according to U.S. defense officials.
Both Huawei and ZTE have been identified by congressional investigations as linked to the Chinese military and intelligence services.
The companies are very large state-linked companies that are among the largest providers of communications equipment, including routers, switches, and other gear used widely in information networks around the world.
Intelligence agencies believe both companies are required to cooperate with Chinese military and civilian intelligence services in providing clandestine access to its equipment for cyber espionage and potential sabotage.
Details of the companies' links to the Chinese government became known publicly after National Security Agency documents were made public by renegade contractor Edward Snowden. The documents from 2010 revealed NSA had penetrated Huawei's internal communications and equipment for its own spying purposes.
One NSA document from 2010 quoted a National Intelligence Estimate, "The Global Cyber Threat to the US Information Infrastructure." It stated, "we assess with high confidence that the increasing role of international companies and foreign individuals in U.S. information technology supply chains and services will increase the potential for persistent, stealthy subversions."
Use of Huawei equipment raised fears that its "widespread infrastructure will provide the PRC with [signals intelligence] capabilities and enable them to perform denial of service type attacks," the document said.
The draft House legislation quotes Cyber Command commander Adm. Mike Rogers, also the National Security Agency director, testifying that Huawei gear is banned by his command due to security concerns.
After examining potential security vulnerabilities within the supply chain used to equip American cyber warriors, Rogers said use of Chinese equipment "is a risk we felt was unacceptable."
More recently, a senior Pentagon official, Thomas Akin, said in written testimony that the Defense Department has not blacklisted the Chinese companies but limits purchases of its products by excluding the firms from its list of secure suppliers.
The Akin testimony in part prompted Congress to take steps to formally legislate a ban on both Chinese and Russian firms.
According to the draft legislation, Congress fears Chinese or Russian intelligence, operating through state-linked telecoms, would penetrate nuclear networks used to communicate with strategic forces.
The legislation states the equipment worries are related to the security of "nuclear command, control, and communications, integrated tactical warning and attack assessment, and continuity of government."
Lawmakers also are concerned that foreign states will conduct cyber attacks on homeland defenses, including highly networked ballistic missile defenses.
China and Russia are known by U.S. intelligence agencies to be targeting the U.S. nuclear command structure for future cyber attacks in a bid to disrupt strategic forces from conducting nuclear missile and bomber strikes in a future conflict.
Cyber Command is also known to be targeting Chinese and Russian nuclear command and control networks for similar cyber attacks.
Other elements of the subcommittee bill call for the Pentagon to set up a program to build a road-mobile cruise missile with a range of more than 3,400 miles to counter Russia's new cruise missile developed in violation of the 1987 Intermediate-Range Nuclear Forces treaty.
The bill would also limit any effort to extend the New START strategic arms treaty based on Moscow's INF violation.
The legislation also calls for the Pentagon to examine whether a new Russian long-range missile, the RS-26, violates the INF treaty.
The bill would also create a Space Command within the Strategic Command and a Space Corps within the Air Force to bolster space warfare capabilities.
Huawei spokesman William Plummer said the company is not linked to any state. "Moreover, as a company in the business of offering commercial solutions, Huawei does not and has no plans to proffer equipment or services to the U.S. government," he said.