Senators introduce bipartisan bill to detect supply chain risks posing threats to national security

Senators introduce bipartisan bill to detect supply chain risks posing threats to national security
© Greg Nash

A bipartisan set of senators rolled out a bill Tuesday that aims to establish a council responsible for evaluating supply chain risks that could impact national security as well as create a clear path for authorities to deal with threats once they are uncovered.

Sens. Claire McCaskillClaire Conner McCaskillBig Dem names show little interest in Senate Gillibrand, Grassley reintroduce campus sexual assault bill Endorsements? Biden can't count on a flood from the Senate MORE (D-Mo.) and James LankfordJames Paul LankfordBipartisan group of senators introduce legislation designed to strengthen cybersecurity of voting systems Dems push to revive Congress' tech office US-China trade talks end without announcement of deal MORE (R-Okla.) introduced the The Federal Acquisition Supply Chain Security Act (FASCSA) following concerns from lawmakers about the use of products developed by foreign countries.

The concerns were magnified by controversies surrounding Russia-based Kaspersky Labs and ZTE, a China-based telecommunications firm.

ADVERTISEMENT

The Senate bill would require the Federal Acquisition Security Council to develop criteria for assessing supply chain threats. It would be required to consult the private sector on the development of such policies, and call on the government to develop a strategy to deal with the risks.

The new legislation comes after the Senate passed an annual defense policy bill on Monday that included a provision that blocks President TrumpDonald John TrumpWhat the Mueller report tells us about Putin, Russia and Trump's election Fox's Brit Hume fires back at Trump's criticism of the channel Anti-US trade war song going viral in China MORE’s deal to save ZTE and instead places penalties against the company.

Late last month, a federal judge dismissed Kaspersky Lab's two lawsuits alleging that the federal government and Congress acted unlawfully to ban products developed by the cybersecurity firm over security concerns.

The Department of Homeland Security (DHS) issued a directive last year to remove Kaspersky Lab products, which removed and banned Kaspersky software over concerns about the firm's ties to the Russian government.

Congress passed the 2018 National Defense Authorization Act (NDAA) following the directive, a move that came after lawmakers because increasingly concerned that U.S. computer systems were using Kaspersky software.

“For years, the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security, but that information was not widely shared with other government agencies,” the press release says.

McCaskill, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, said the new bill will help boost cybersecurity in the country by identifying supply chain threats before they get fully integrated into the federal government’s systems.

“We can’t simply respond to supply chain threats piecemeal, we’ve got to have a system in place to assess these risks across the government, and that’s what this bipartisan bill does,” McCaskill said in a statement.

Lankford said the bill will clearly lay out how each federal agency addresses security threats as they enter the supply chain.

“This bipartisan bill will help to clarify each government agencies’ role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management,” Lankford said in a statement.