Bipartisan senators want federal plan for sharing more info on supply chain threats

A bipartisan group of senators is calling for all branches of government to share information on threats to technology supply chains, citing potential risks to national security.

In a Wednesday letter to Office of Management and Budget Director Mick Mulvaney, top members of the Senate Homeland Security Committee called for the Federal Acquisition Security Council (FASC) to come up with a plan of action.

{mosads}The intelligence community (IC) shares information on threats to the information technology supply chain with civilian agencies through the FASC. Senators want that threat information made available to other branches of government.

“Both Congress and the Executive branch have devoted considerable time identifying ways to enhance the supply chain security of information and communications technology (ICT) on U.S. government systems,” the senators wrote. “The work is vitally important, but executive agency solutions do not always mean whole of government solutions.”

The senators emphasized that “the government must ensure that information used to secure executive agency computer systems and networks is shared with ICT professionals in Congress and the judiciary.”

The FASC was established by a bill signed into law late last year by President Trump. The panel is chaired by the Office of Management and Budget and includes members from the departments of Commerce, Defense, Justice and Homeland Security, and from the Office of the Director of National Intelligence.

The council is tasked with creating a “strategic plan” to address supply chain risks.

“Neither Congress nor the judiciary has the resources, expertise, or mission to replicate the IC’s SCRM [supply chain risk management] work, meaning that the comprehensive ‘whole of government’ approach the FASC was intended to achieve will likely only benefit one branch of the federal government,” the senators wrote. “This leaves Congress and the courts at risk of introducing insecure ICT that is vulnerable to the national security threats assessed by the IC and the FASC.”

The letter was signed by Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.), Sen. Gary Peters (Mich.), the top Democrat on the panel, Sen. Tom Cotton (R-Ark.) and Sen. Ron Wyden (D-Ore.).

The senators gave Mulvaney, who also serves as acting White House chief of staff, until Oct. 23 to respond with a detailed plan as to how the FASC will implement a new plan for sharing threats.

Supply chain security is an issue that both the Trump administration and Congress have focused more attention on recently, particularly in regards to perceived national security threats from Chinese telecommunications group Huawei and its rollout of 5G networks worldwide.

President Trump signed an executive order in May declaring a “national emergency” over securing the information and communications technology supply chain. The order blocked foreign tech companies deemed national security threats from doing business in the U.S.

While the executive order did not mention any companies by name, the Commerce Department added Huawei to its “entity list” a short time later. U.S. companies are prohibited from doing business with companies on the list.

The Commerce Department has since pushed back Huawei’s addition to the list until Nov. 19, to give U.S. companies more time to prepare.

Several congressional committees have been examining supply chain security recently. The House Energy and Commerce Committee held a hearing last month to discuss proposed legislation meant to “secure America’s wireless future,” and the House Homeland Security Committee is set to hold a hearing Wednesday that will focus on how “public-private partnerships” can enhance the security of the supply chain.