White House floats law to shore up agencies’ digital supply chain

The Trump administration is proposing a law to tighten up the security of computer systems that the federal government buys and uses.

Thursday, the White House publicly released the draft of legislation it had sent to Capitol Hill two days earlier. The proposal would shore up supply-chain cybersecurity for civilian federal agencies, which is currently being considered in piecemeal fashion across multiple different bills in the House and Senate.

The news was first reported by Inside Cybersecurity.

The White House’s proposal, titled “Federal Information Technology Supply Chain Risk Management Improvement Act of 2018,” would create two bodies – a Federal IT Acquisition Security Council and a Critical IT Supply Chain Risk Evaluation Board – that offer agencies advice and guidance on how to cut down on supply chain security risks when procuring their technology.

If passed, the bill would give civilian agencies more authorities and tools to mitigate supply chain security risks. Furthermore, it would provide consistent, robust and streamlined guidance across the government to avoid and address security threats stemming from various IT products.

The goal is to begin bridging the gap between supply chain security efforts of the intelligence community and the Defense Department, which are stringent and centralized, and civilian counterparts, which are comparatively lax and scattershot.

The move garnered praise from a key Democrat, Sen. Claire McCaskill, D-Mo., the ranking member of the Homeland Security and Governmental Affairs Committee.

“Safeguarding against IT supply chain security risks requires a new approach that brings together experts from national security and civilian agencies, and I’m happy to see the Administration’s proposal builds on the bipartisan legislation Senator Lankford and I introduced,” McCaskill said in a statement.

In June, McCaskill and Sen. James Lankford, R-Okla., introduced the “Federal Acquisition Supply Chain Security Act,” a bill to address supply chain risks by standing up a federal acquisition council with members of the IC and DOD.

“This is another great example of where Congress and the Administration can work together in a bipartisan manner to find common solutions,” McCaskill said. “I stand ready to continue working with the Administration and my colleagues to fine-tune our legislation addressing emerging national security threats.”