Supply Chain Cybersecurity a Major Legislative Priority for House Homeland

The House Homeland Security Committee is planning a major push to pass legislation that will improve the cybersecurity of government supply chains, a staffer told Nextgov.

It’s not yet clear, however, if that push will focus on the Securing the Homeland Security Supply Chain Act, which the committee passed last week, or a broader Trump administration proposal, which has yet to be introduced as formal legislation, the staffer said.

The committee-passed bill applies only to the Homeland Security Department and would give the department’s secretary authority to ban contractors that pose cybersecurity and national security risks after a formal review.

It was sponsored by Rep. Peter King, R-N.Y., but also boasts six cosponsors, including committee Chairman Michael McCaul, R-Texas, and ranking member Bennie Thompson, D-Miss.

The Trump administration proposal would authorize the Homeland Security secretary to bar contractors across the civilian government. It would grant similar authorities to the defense secretary for military contracts and to the director of national intelligence for intelligence community contracts.

Committee leaders plan to spend the August recess working with other House committees and potential Senate co-sponsors to assess whether it’s possible to get the broader version of the legislation to the president’s desk before this Congress ends in January, the staffer said.

If there isn’t sufficient momentum for the broader bill, the Homeland Security Committee will focus on the narrower bill, the staffer said.

There’s no schedule for a House floor vote on the narrower bill yet, but that, too, will likely be figured out during the August recess, the staffer said.

A spokesman for the Homeland Security Department’s cyber division did not respond to requests for comment.

“If there’s an appetite for a governmentwide solution, we don’t want to stand in the way, but, if there isn’t, then we’re going to push for the DHS bill,” the Homeland Security staffer said, adding “we have a lot of momentum right now.” 

Congress has grown increasingly concerned in recent months about the possibility of Russia, China and other cyber adversaries using complex government technology supply chains and the arcane acquisition process to sneak spying tools onto U.S. government networks.

Congress banned the Russian anti-virus company Kaspersky Lab from government networks last year over spying concerns and is preparing to ban the Chinese companies Huawei and ZTE in a major defense policy bill that passed the House last week and is expected to pass the Senate this week.

Homeland Security is also prepping its own initiative with the General Services Administration to improve government supply chain security. The department is expected to release some details during a summit in New York on Tuesday.

The Homeland Security Committee reached out extensively to industry before introducing its narrower bill but has only received limited feedback so far, the committee staffer said.

Most of that feedback has been from cybersecurity firms and associations who favor the bill, the staffer said. There’s been less feedback from contractors who might be skeptical about new requirements the bill will impose on them.

The staffer speculated contractors might not mind additional requirements as long as the requirements were clear and applied uniformly across the contracting community.

Kaspersky has sued to reverse the U.S. government ban imposed by Congress in December as well as a separate ban imposed by Homeland Security in October. Kaspersky claims the bans unfairly singled the Russian company out for punishment.

A judge dismissed that case at the U.S. district court level and the case is currently being considered by the U.S. Court of Appeals for the D.C. Circuit.  

Lawmakers are watching that case unfold but don’t plan to delay broader supply chain action while they wait for a final ruling, the Homeland Security Committee staffer said.

“I think the way the litigation has gone so far has indicated DHS acting within its authority,” the staffer said. “We don’t think it’s going to impact the larger supply chain issue or derail it by any means.”