Peters Bipartisan Legislation to Help Secure Federal Information Technology Supply Chains Against Security Threats Passes Senate
Statement
WASHINGTON, D.C. -- Legislation authored by U.S. Senator Gary Peters (MI), Chairman of the Homeland Security and Governmental Affairs Committee, to help protect against cybersecurity threats and other technological supply chain security vulnerabilities that arise when the federal government purchases services, equipment or products has passed the Senate. The bipartisan Supply Chain Security Training Act would create a standardized training program to help federal employees responsible for purchasing services and equipment identify whether those products could compromise the federal government's information security. The legislation now heads to the U.S. House of Representatives for consideration.
"Federal employees purchasing software and equipment for the government must be able to recognize vulnerabilities in these products that could allow hackers to breach federal systems and disrupt our supply chains," said Senator Peters. "This bipartisan legislation will help federal employees identify potential threats to federal cybersecurity, and stop foreign adversaries and cybercriminals as they attempt to compromise our national security."
Training and preparing federal acquisitions employees to recognize and mitigate these growing threats is an essential step in preventing hostile actors from compromising America's national security. Previous breaches of federal information systems exploited vulnerabilities in the SolarWinds and Microsoft Exchange networks, highlighting the need for robust technological supply chain security and the importance of ensuring agency personnel responsible for managing these resources are well versed and up-to-date on cybersecurity threats and other attempts to steal sensitive or valuable information.
The Supply Chain Security Training Act directs the General Services Administration (GSA), in coordination with the Department of Homeland Security (DHS), Department of Defense (DOD) and the Office of Management and Budget (OMB), to create a supply chain security training program for federal officials with supply chain risk management responsibilities. The bill would also require the Office of Management and Budget (OMB) to develop guidance for federal agencies to adopt and use the training program and how to select officials to participate in the training.
The bill is based on similar legislation Peters introduced last Congress. The legislation also builds on a recent executive order from President Biden that made it easier for federal agencies to share threat information, modernize their cybersecurity infrastructure and enhance federal software supply chain security in the wake of recent serious breaches.
As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to increase our nation's cybersecurity defenses. His bill to enhance cybersecurity assistance to K-12 educational institutions across the country was signed into law. Peters secured several provisions in the bipartisan infrastructure law to bolster cybersecurity -- including $100 million fund to help victims of a serious attack recover quickly. Peters' bills to bolster federal cybersecurity and require critical infrastructure owners and operators to report to CISA if they experience a cyber-attack, and other organizations to notify the federal government if they make a ransom payment have advanced in the Senate.
Source