National security concerns over IT products made by internationally based companies such as Kaspersky and ZTE have been on the rise, so two senators introduced a bipartisan bill June 19 that would establish a council to promote information sharing on IT supply chain risks.
Sens. Claire McCaskill, D-Mo., and James Lankford, R-Okla., introduced the Federal Acquisition Supply Chain Security Act to better promote communication between the intelligence community and civilian agencies about IT components that could pose a risk to the government’s cybersecurity.
“Cybersecurity is a 21st century problem we’re still trying to tackle with 20th century solutions — and that simply can’t happen in an area that affects the lives and livelihoods of all Americans,” said McCaskill.
“We can’t simply respond to supply chain threats piecemeal, we’ve got to have a system in place to assess these risks across the government, and that’s what this bipartisan bill does.”
The bill would establish a Federal Acquisition Security Council responsible for developing criteria for IT supply chain risk assessment, while consulting with the private sector on best practices. Individual agencies would be required to conduct risk assessments of all current and future IT products in use, while granting agencies the authority to mitigate threats to IT acquisitions for reasons of national security and threats to the public interest.
“The nation continues to work to protect our cybersecurity, and we need to have a system in place that will allow us to address risks before it becomes an issue nationwide,” said Lankford.
“This bipartisan bill will help to clarify each government agencies’ role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management. The government needs to continue to work toward strengthening cybersecurity vulnerabilities and this bill will help move us in the right direction.”
Jessie Bur covers federal IT and management.