A bipartisan set of senators rolled out a bill Tuesday that aims to establish a council responsible for evaluating supply chain risks that could impact national security as well as create a clear path for authorities to deal with threats once they are uncovered.
Sens. Claire McCaskill (D-Mo.) and James Lankford (R-Okla.) introduced the The Federal Acquisition Supply Chain Security Act (FASCSA) following concerns from lawmakers about the use of products developed by foreign countries.
The concerns were magnified by controversies surrounding Russia-based Kaspersky Labs and ZTE, a China-based telecommunications firm.
{mosads}
The Senate bill would require the Federal Acquisition Security Council to develop criteria for assessing supply chain threats. It would be required to consult the private sector on the development of such policies, and call on the government to develop a strategy to deal with the risks.
The new legislation comes after the Senate passed an annual defense policy bill on Monday that included a provision that blocks President Trump’s deal to save ZTE and instead places penalties against the company.
Late last month, a federal judge dismissed Kaspersky Lab’s two lawsuits alleging that the federal government and Congress acted unlawfully to ban products developed by the cybersecurity firm over security concerns.
The Department of Homeland Security (DHS) issued a directive last year to remove Kaspersky Lab products, which removed and banned Kaspersky software over concerns about the firm’s ties to the Russian government.
Congress passed the 2018 National Defense Authorization Act (NDAA) following the directive, a move that came after lawmakers because increasingly concerned that U.S. computer systems were using Kaspersky software.
“For years, the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security, but that information was not widely shared with other government agencies,” the press release says.
McCaskill, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, said the new bill will help boost cybersecurity in the country by identifying supply chain threats before they get fully integrated into the federal government’s systems.
“We can’t simply respond to supply chain threats piecemeal, we’ve got to have a system in place to assess these risks across the government, and that’s what this bipartisan bill does,” McCaskill said in a statement.
Lankford said the bill will clearly lay out how each federal agency addresses security threats as they enter the supply chain.
“This bipartisan bill will help to clarify each government agencies’ role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management,” Lankford said in a statement.