The Senate last week unanimously approved a bill requiring program and acquisition officials for federal information communications technology receive counterintelligence training related to supply chain risk management.
The Supply Chain Counterintelligence Training Act (S. 1388) directs the Office of Management and Budget, working with the Director of National Intelligence, Department of Homeland Security, and General Services Administration, to develop and implement a counterintelligence training program to help program and acquisition officials “identify and mitigate counterintelligence threats that arise during the acquisition and use throughout the lifecycle of information and communications technology.”
“Counterintelligence training for the federal workers buying and selling goods and services for the government is critical at a time when our adversaries are seeking every possible entry point to breach our systems and steal information,” Sen. Ron Johnson (R-Wis.), a chairman of the Senate Homeland Security and Governmental Affairs Committee and co-sponsor of the bipartisan legislation, said in a statement Tuesday evening. “This type of training will help close a potential gap in our cyber and physical security defenses.”
The bill is aimed at empowering federal acquisition officials to be on the lookout for potential threats in their information communications technology supply chains posed by products like Russia’s Kaspersky Labs anti-virus software and China’s network technology provider Huawei. Kaspersky’s software is banned from U.S. federal networks due to the company’s ties to Russian intelligence and the fact that Russian law allows the government to direct the Kaspersky to pass along information from U.S. systems.
The U.S. government is also concerned that Chinese companies can be directed to send their government information contained on the systems they sell their customers.
After passage in the Senate, the House referred the bill to the Committee on Oversight and Reform.