DHS Asks Industry’s Help in Major Supply Chain Security Upgrade


The department wants industry’s input on how to detect malicious and counterfeit tech in the government’s supply chain.

The Homeland Security Department released a broad call to industry Friday asking about tools the government can use to secure its tech supply chain against cybersecurity and national security threats.

The request is part of a broad department effort to prevent hardware and software that might be compromised by foreign governments or criminal hackers from making its way to government computer networks.

Historically, government contracting officers have reviewed hardware and software contracts for price, quality and legal concerns but have not done much advance vetting focused on security.

The government has barred three specific foreign vendors from government and contractor networks during the past year—the Russian company Kaspersky Lab and the Chinese companies Huawei and ZTE—but only after substantial effort.

The Kaspersky ban required a formal order from the Homeland Security Department, which was later backed up by legislation, and Huawei and ZTE were both banned by a law President Trump signed earlier this week.  

Officials are concerned all three companies’ products could be used as spying tools by Russian or Chinese intelligence agencies.

The current process for barring companies by legislation or Homeland Security orders is simply too onerous, however, to apply to the myriad cyber threats facing the government supply chain, officials have said.

Friday’s notice seeks information about products that could identify and mitigate the damage caused by technology that’s infected by foreign governments, counterfeit or “vulnerable due to deficient manufacturing practices within the supply chain.”

The department is also seeking information about tools that can identify supply chain threats in tech services, including cloud-based services, according to the notice.

The notice is a request for information, meaning the government isn’t seeking bids on any particular contracts and hasn’t committed to buying anything.

The department is seeking responses to the request by Oct. 10.

Homeland Security is currently embroiled in a lawsuit over the Kaspersky ban, which the Russian company says violates the U.S. Constitution. The appeals phase of that case will be argued before a judicial panel in September.

A federal judge dismissed Kaspersky’s case at the federal district court level in May.