A bipartisan group of senators is calling for all branches of government to share information on threats to technology supply chains, citing potential risks to national security.
In a Wednesday letter to Office of Management and Budget Director Mick MulvaneyMick MulvaneyTrump's relocation of the Bureau of Land Management was part of a familiar Republican playbook Jan. 6 committee issues latest round of subpoenas for rally organizers The Hill's Morning Report - Presented by Alibaba - To vote or not? Pelosi faces infrastructure decision MORE, top members of the Senate Homeland Security Committee called for the Federal Acquisition Security Council (FASC) to come up with a plan of action.
The intelligence community (IC) shares information on threats to the information technology supply chain with civilian agencies through the FASC. Senators want that threat information made available to other branches of government.
“Both Congress and the Executive branch have devoted considerable time identifying ways to enhance the supply chain security of information and communications technology (ICT) on U.S. government systems,” the senators wrote. “The work is vitally important, but executive agency solutions do not always mean whole of government solutions.”
The senators emphasized that “the government must ensure that information used to secure executive agency computer systems and networks is shared with ICT professionals in Congress and the judiciary.”
The FASC was established by a bill signed into law late last year by President TrumpDonald TrumpTrump lawyers to Supreme Court: Jan. 6 committee 'will not be harmed by delay' Two House Democrats announce they won't seek reelection DiCaprio on climate change: 'Vote for people that are sane' MORE. The panel is chaired by the Office of Management and Budget and includes members from the departments of Commerce, Defense, Justice and Homeland Security, and from the Office of the Director of National Intelligence.
The council is tasked with creating a “strategic plan” to address supply chain risks.
“Neither Congress nor the judiciary has the resources, expertise, or mission to replicate the IC’s SCRM [supply chain risk management] work, meaning that the comprehensive ‘whole of government’ approach the FASC was intended to achieve will likely only benefit one branch of the federal government,” the senators wrote. “This leaves Congress and the courts at risk of introducing insecure ICT that is vulnerable to the national security threats assessed by the IC and the FASC.”
The letter was signed by Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonSen. Ron Johnson: Straight from the horse's mouth Senate Democrats' super PAC releases million ad buy against Ron Johnson Barnes rakes in almost 0K after Johnson enters Wisconsin Senate race MORE (R-Wis.), Sen. Gary PetersGary PetersMichigan Republican John James 'strongly considering' House run Officials point to Apache vulnerability in urging passage of cyber incident reporting bill US concerns grow over potential Russian cyber targeting of Ukraine amid troop buildup MORE (Mich.), the top Democrat on the panel, Sen. Tom CottonTom Bryant CottonSinema scuttles hopes for filibuster reform Republicans threaten floor takeover if Democrats weaken filibuster Will Putin sink Biden? MORE (R-Ark.) and Sen. Ron WydenRonald (Ron) Lee WydenSanders, 50 Democrats unveil bill to send N95 masks to all Americans Manchin told White House he would back version of billionaire tax: report Democrats look to scale back Biden bill to get it passed MORE (D-Ore.).
The senators gave Mulvaney, who also serves as acting White House chief of staff, until Oct. 23 to respond with a detailed plan as to how the FASC will implement a new plan for sharing threats.
Supply chain security is an issue that both the Trump administration and Congress have focused more attention on recently, particularly in regards to perceived national security threats from Chinese telecommunications group Huawei and its rollout of 5G networks worldwide.
President Trump signed an executive order in May declaring a “national emergency” over securing the information and communications technology supply chain. The order blocked foreign tech companies deemed national security threats from doing business in the U.S.
While the executive order did not mention any companies by name, the Commerce Department added Huawei to its “entity list” a short time later. U.S. companies are prohibited from doing business with companies on the list.
The Commerce Department has since pushed back Huawei’s addition to the list until Nov. 19, to give U.S. companies more time to prepare.
Several congressional committees have been examining supply chain security recently. The House Energy and Commerce Committee held a hearing last month to discuss proposed legislation meant to “secure America’s wireless future,” and the House Homeland Security Committee is set to hold a hearing Wednesday that will focus on how “public-private partnerships” can enhance the security of the supply chain.