Senators introduce bipartisan bill to detect supply chain risks posing threats to national security

Senators introduce bipartisan bill to detect supply chain risks posing threats to national security
© Greg Nash

A bipartisan set of senators rolled out a bill Tuesday that aims to establish a council responsible for evaluating supply chain risks that could impact national security as well as create a clear path for authorities to deal with threats once they are uncovered.

Sens. Claire McCaskillClaire Conner McCaskillThe Hill's Morning Report: Dems have a majority in the Senate (this week) Schumer to meet with Kavanaugh on Tuesday GOP leader criticizes Republican senators for not showing up to work MORE (D-Mo.) and James LankfordJames Paul LankfordHillicon Valley: Trump escalates feud with intel critics | Tesla shares fall after troubling Musk interview | House panel considers subpoena for Twitter's Jack Dorsey | Why Turkish citizens are breaking their iPhones Hillicon Valley: FBI fires Strzok after anti-Trump tweets | Trump signs defense bill with cyber war policy | Google under scrutiny over location data | Sinclair's troubles may just be beginning | Tech to ease health data access | Netflix CFO to step down House Intel lawmakers introduce bipartisan election security bill MORE (R-Okla.) introduced the The Federal Acquisition Supply Chain Security Act (FASCSA) following concerns from lawmakers about the use of products developed by foreign countries.

The concerns were magnified by controversies surrounding Russia-based Kaspersky Labs and ZTE, a China-based telecommunications firm.

ADVERTISEMENT

The Senate bill would require the Federal Acquisition Security Council to develop criteria for assessing supply chain threats. It would be required to consult the private sector on the development of such policies, and call on the government to develop a strategy to deal with the risks.

The new legislation comes after the Senate passed an annual defense policy bill on Monday that included a provision that blocks President TrumpDonald John TrumpBrennan fires new shot at Trump: ‘He’s drunk on power’ Trump aides discussed using security clearance revocations to distract from negative stories: report Trump tried to dissuade Melania from 'Be Best' anti-bullying campaign: report MORE’s deal to save ZTE and instead places penalties against the company.

Late last month, a federal judge dismissed Kaspersky Lab's two lawsuits alleging that the federal government and Congress acted unlawfully to ban products developed by the cybersecurity firm over security concerns.

The Department of Homeland Security (DHS) issued a directive last year to remove Kaspersky Lab products, which removed and banned Kaspersky software over concerns about the firm's ties to the Russian government.

Congress passed the 2018 National Defense Authorization Act (NDAA) following the directive, a move that came after lawmakers because increasingly concerned that U.S. computer systems were using Kaspersky software.

“For years, the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security, but that information was not widely shared with other government agencies,” the press release says.

McCaskill, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, said the new bill will help boost cybersecurity in the country by identifying supply chain threats before they get fully integrated into the federal government’s systems.

“We can’t simply respond to supply chain threats piecemeal, we’ve got to have a system in place to assess these risks across the government, and that’s what this bipartisan bill does,” McCaskill said in a statement.

Lankford said the bill will clearly lay out how each federal agency addresses security threats as they enter the supply chain.

“This bipartisan bill will help to clarify each government agencies’ role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management,” Lankford said in a statement.