Senators introduce bipartisan bill to detect supply chain risks posing threats to national security

Senators introduce bipartisan bill to detect supply chain risks posing threats to national security
© Greg Nash

A bipartisan set of senators rolled out a bill Tuesday that aims to establish a council responsible for evaluating supply chain risks that could impact national security as well as create a clear path for authorities to deal with threats once they are uncovered.

Sens. Claire McCaskillClaire Conner McCaskillThe Year Ahead: Tech braces for new scrutiny from Washington McCaskill: 'Too many embarrassing uncles' in the Senate FEC votes to allow lawmakers to use campaign funds for personal cybersecurity MORE (D-Mo.) and James LankfordJames Paul LankfordThe Year Ahead: Tech braces for new scrutiny from Washington Hillicon Valley — Presented by AT&T — Officials warn of threat from Chinese spying | China blamed for Marriott hack | Trump open to intervening in Huawei case | FCC mulls ending merger ban on 'Big Four' networks | California floats tax on texts Bipartisan supply chain bill likely punted to next Congress, McCaskill says MORE (R-Okla.) introduced the The Federal Acquisition Supply Chain Security Act (FASCSA) following concerns from lawmakers about the use of products developed by foreign countries.

The concerns were magnified by controversies surrounding Russia-based Kaspersky Labs and ZTE, a China-based telecommunications firm.

ADVERTISEMENT

The Senate bill would require the Federal Acquisition Security Council to develop criteria for assessing supply chain threats. It would be required to consult the private sector on the development of such policies, and call on the government to develop a strategy to deal with the risks.

The new legislation comes after the Senate passed an annual defense policy bill on Monday that included a provision that blocks President TrumpDonald John TrumpBiden, Sanders lead field in Iowa poll The Memo: Cohen fans flames around Trump Memo Comey used to brief Trump on dossier released: report MORE’s deal to save ZTE and instead places penalties against the company.

Late last month, a federal judge dismissed Kaspersky Lab's two lawsuits alleging that the federal government and Congress acted unlawfully to ban products developed by the cybersecurity firm over security concerns.

The Department of Homeland Security (DHS) issued a directive last year to remove Kaspersky Lab products, which removed and banned Kaspersky software over concerns about the firm's ties to the Russian government.

Congress passed the 2018 National Defense Authorization Act (NDAA) following the directive, a move that came after lawmakers because increasingly concerned that U.S. computer systems were using Kaspersky software.

“For years, the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security, but that information was not widely shared with other government agencies,” the press release says.

McCaskill, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, said the new bill will help boost cybersecurity in the country by identifying supply chain threats before they get fully integrated into the federal government’s systems.

“We can’t simply respond to supply chain threats piecemeal, we’ve got to have a system in place to assess these risks across the government, and that’s what this bipartisan bill does,” McCaskill said in a statement.

Lankford said the bill will clearly lay out how each federal agency addresses security threats as they enter the supply chain.

“This bipartisan bill will help to clarify each government agencies’ role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management,” Lankford said in a statement.