US Should Expand BIS, Clarify Critical Tech Definition, Experts Say

The authors, who tried to provide “concrete and pragmatic measures that U.S. policymakers should take to operationalize a national technology strategy,” said BIS should create an assistant secretary for supply chain and technology security and an assistant secretary for intelligence. The supply chain and technology security secretary would oversee efforts surrounding the U.S. information and communication technology and service supply chain and certain foreign investment reviews, while the intelligence secretary would provide “intelligence support” to department leadership and the agency’s national security programs. BIS should also expand the responsibilities of its assistant secretary for export enforcement to also cover compliance, which “would support requirements for all regulatory programs under BIS.”

CNAS compared the BIS reorganization to the Treasury Department’s Office of Terrorism and Financial Intelligence, “which centralized and consolidated” policy, intelligence, enforcement and regulatory authorities for anti-money laundering, illicit finance and terrorist finance. “BIS, despite its name, has been focused almost exclusively on export controls,” the report said, “but remains well placed to expand beyond this remit to take on broader national security equities related to regulation and protection of the U.S. technology supply chain.”

An expanded BIS would also call for more funding and resources, the report said. CNAS said Commerce already faces “a number of constraints in this regard” and “consistently” falls short in meeting the “burgeoning mission requirements of the department.” The report specifically said the agency struggles to retain and recruit emerging technology experts, which has hurt BIS as it tries to follow through on its mandate under the Export Control Reform Act to control emerging and foundational technologies. BIS didn’t comment.

To address these issues and provide more resources for BIS’s expansion, the agency should receive more funding from the national defense budget, CNAS said. The budget can help fund military-related export control efforts, “counter-proliferation” and other areas “where the military has a direct stake.” Commerce should also receive new hiring authorities from Congress, including a 10%-25% incentive pay to attract technology experts. “These authorities would go far in ensuring the department can hire personnel quickly and maintain sufficient expertise to craft policy and regulation addressing the evolving challenges of technology competition,” the report said.

BIS and the administration must also come to a “universal agreement” over a definition for critical technologies. CNAS criticized the previous administration’s 2020 national strategy for critical and emerging technologies (see 2010150038), which contained too broad a definition and fell “well short of what is needed to identify technology priorities.” The report was also critical of the annex included in the strategy document, which featured a list of 20 broad technology categories, such as energy technologies and advanced computing, “with no accompanying explanation or justification. Government leaders cannot take effective action with inadequate guidance.” The White House didn’t comment.

CNAS said the National Security Council should lead an interagency effort to create a “shared definition” for critical technology. The definition should include technologies that are “essential for the United States to compete economically and secure its national interests.”

In another recommendation, the report authors said Congress should codify Commerce as the government’s “central repository and clearinghouse for information related to foreign companies, specific sensitive information, and corporate due-diligence information.” The report noted that no agency has been designated to collect foreign investment, foreign transaction and supply chain information, which is desperately needed by U.S. companies to conduct proper due-diligence to avoid violating U.S. export controls and sanctions.

But CNAS said the most “problematic barrier” to this information sharing is a legal one. It said the Committee on Foreign Investment in the U.S. -- which is one of the “most active, long-standing, and prolific sources” of nonpublic, sensitive business information -- is barred from sharing that information outside of officials involved in the foreign investment review process. Among other measures, Congress should amend the Foreign Risk Review Modernization Act, which took effect last year (see 2002110042), to remove restrictions on sharing sensitive business information outside the CFIUS process. This would allow CFIUS to share information with other “designated foreign transaction or supply chain review programs.”

The report also recommends establishing a Technology Security Coordination Group, which would include representatives from CFIUS, BIS and the Justice Department and would coordinate policy on technology and supply chain security. Current supply chain authorities in the government are too “myriad and spread across departments and agencies,” the report said, and should be centralized. “While the group should not undercut or circumvent any secretary’s departmental authority,” CNAS said, “it should act as a forum to identify appropriate tools to use, either alone or in concert, to address a policy objective or an identified emerging threat to national security.”