A bipartisan group of senators is requesting that the new Federal Acquisition Security Council (FASC) create a strategic plan for sharing security information with Congress and the judiciary related to supply chains that provide the government with information and communications technology (ICT).
The FASC was established in law in 2018 to recommend supply chain risk management standards and best practices for federal entities and non-federal entities.
“As a result, the U.S. has started putting mechanisms in place to improve supply chain risk management (SCRM), primarily as it relates to executive agencies,” Sens. Ron Johnson (R-Wisc.), Gary Peters (D-Mich.), Tom Cotton (R-Ark.) and Ron Wyden (D-Ore.) wrote in an Oct. 9 letter to Office of Management and Budget Director Mick Mulvaney. “That work is vitally important, but executive agency solutions do not always mean whole of government solutions. The government must ensure that information used to secure executive agency computer systems and networks is shared with ICT professionals in Congress and the judiciary.”
The senators highlight that the intelligence community shares information about SCRM threats with civilian agencies and that his information must be shared with the legislative and judicial branches of government as well.
Congress and the judiciary don’t have the resources that the intelligence community has, they said, leaving them “at risk of introducing insecure ICT that is vulnerable to the national security threats assessed by the” intelligence community and FASC.
The senators want Mulvaney to reply by Oct. 23 on how a strategic plan will be implemented.
Johnson and Peters are the chairman and ranking member respectively of the Senate Homeland Security and Governmental Affairs Committee and Cotton and Wyden both serve on the Senate Intelligence Committee.