Homeland Security Committee Forwards Bill to Prevent the Next Kaspersky

The Homeland Security Department would have broad authority to bar technology contractors that officials believe pose cybersecurity and national security risks under legislation forwarded by the House Homeland Security Committee Tuesday.

The bill, which would only apply to Homeland Security contracts, would generally require the department to notify contractors before a ban and allow them to protest the ban or make efforts to mitigate the problem.

That notification could be skipped if the danger warranted it, however. The bans could not be challenged by a federal court or through the Government Accountability Office’s bid protest process, according to the bill.

The bill’s chief sponsor is Rep. Peter King, R-N.Y. It was co-sponsored by six other committee members, including Chairman Michael McCaul, R-Texas, and ranking member Bennie Thompson, D-Miss.

The bill comes as the government is embroiled in litigation with the Russian anti-virus company Kaspersky Lab, which Homeland Security barred from federal contracts in October.

Congress is also highly likely to ban government telecommunications procurements from the Chinese companies Huawei and ZTE.

Those bans are included in a conference version of an annual must-pass defense policy bill that’s been agreed to by House and Senate conferees but not yet approved by either chamber. A separate provision targeting ZTE did not make it into the final bill. That provision would have reinstated penalties against ZTE for violating sanctions that the Trump administration recently reversed.

The Trump administration floated legislation earlier this month that would give Homeland Security even broader authority to ban contractors that pose national security risks across the civilian government. Those decisions would be based on the advice of a newly created supply chain risk advisory board.  

That proposal would grant similar authorities and create similar advisory boards at the Defense Department and the intelligence community.

The bill forwarded by the Homeland Security Committee would require notice to Congress about all decisions to ban contractors and an annual review those decisions by the department secretary.  

The bill also requires that decisions to ban contractors can only be made by the secretary and deputy secretary of the department.

Authorizing CDM

The committee also forwarded a bill from cybersecurity panel Chairman Rep. John Ratcliffe, R-Texas, Tuesday, that would put the power of legislation behind Homeland Security’s Continuous Diagnostics and Mitigation program.

That multibillion-dollar program, launched in 2013, provides a suite of pre-vetted cybersecurity tools to other federal agencies.

The department would be required to study whether it should reconsider its current phased approach to rolling out CDM tools and services under an amendment to the bill from the panel’s ranking member, Rep. Jim Langevin, D-R.I. That amendment was also approved.

The committee also forwarded bills Tuesday that would:

• Establish a chief data officer position at the Homeland Security Department.
• Standardize contractor fitness standards across various divisions of the Homeland Security Department.
• Create an unmanned aircraft systems coordinator position in the department. UAS is the technical name for drones.