Lankford and McCaskill file bill to protect nation’s IT supply chain

Oklahoma U.S. Sen. James Lankford joined forces this week with Democratic U.S. Sen. Claire McCaskill of Missouri in an effort to make the nation’s information technology supply chain more secure.

They filed legislation called the Federal Acquisition Supply Chain Security Act to establish a council that would equip the government with the policies and processes for sharing information and evaluating supply chain risks earlier in the IT purchasing cycle. It’s not just the public interest that Lankford and McCaskill are interested in protecting but the country’s national security.

The two said in their announcement that for years the Intelligence Community was aware of the risk that Kaspersky Labs antivirus products posed to national security. But the information was not widely shared with other government agencies. Their bill raises awareness across the government by breaking down “silos between national security and civilian agencies” and requires them to develop a strategy that confronts supply chain risk management.

“The nation continues to work to protect our cybersecurity, and we need to have a system in place that will allow us to address risks before it becomes an issue nationwide,” said Lankford. “This bipartisan bill will help to clarify each government agency’s role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management. The government needs to continue to work toward strengthening cybersecurity vulnerabilities and this bill will help move us in the right direction.”

The bill includes provisions that would:

· Establish a Federal Acquisition Security Council that brings together key federal agencies to share information and build the policies and procedures to mitigate supply chain security threats from IT purchases;

· Mandate the development of criteria for assessing the supply chain risk posed by vulnerabilities in and characteristics of IT products and services;

· Require the Council to consult with the private sector on the development of policies and processes for conducting supply chain risk assessments;

· Require a government-wide strategy to address supply chain security;

· Require each agency to conduct risk assessments of the existing IT products that pose the greatest threat, and before buying new IT products and services;

· Mandate risk assessments of IT products before they are made available for government-wide purchase; and

· Grant agencies the authority to mitigate threats to IT acquisitions for reasons of national security and threats to the public interest.
