WASHINGTON – U.S. Senators John Cornyn (R-TX) and Gary Peters (D-MI) and Representatives Pat Fallon (TX-04) and Ro Khanna (CA-17) today introduced their Securing America’s Federal Equipment (SAFE) Supply Chains Act, which would protect America’s cybersecurity by ensuring the Department of Defense (DoD) does not unintentionally acquire counterfeit electronics or those from unauthorized sellers:

“As the world grows increasingly reliant on technology, we must take steps to defend against a potential cyberattack by shoring up our vulnerable domestic supply chains,” said Sen. Cornyn. “This legislation would prevent the Department of Defense from unintentionally purchasing counterfeit electronics to strengthen national security and ensure the integrity of our military’s digital infrastructure.”

“Securing the Department of Defense’s information technology supply chains is a critical step to protecting against cybersecurity threats that endanger our national security,” said Sen. Peters. “Our nation’s adversaries are increasingly targeting vulnerabilities across technologies, which can disrupt operations and steal sensitive data. This bipartisan legislation helps strengthen our national defense by ensuring that the Department of Defense is purchasing reliable technologies like software and cloud computing services from trusted sellers.”

“The proliferation of artificial intelligence has allowed US adversaries to conduct offensive cyber-operations with alarming speed and impact, creating the possibility of a devastating attack on our nation’s most sensitive networks,” said Rep. Fallon. “Simultaneously, our adversaries have been targeting our hardware and software systems by selling the US government counterfeit products through what are known as ‘grey market’ sellers. These products, although marketed as genuine hardware, allow our adversaries to gain access to US government systems, making it far easier to conduct subsequent cyber-attacks. This is unacceptable.”

“It is vital we work to protect American data from collection by our adversaries Russia, China, and Iran,” said Rep. Khanna. “Our bill will require the federal government to purchase technology hardware exclusively from trusted sources — guarding access to our telecommunications network and preventing the exploitation of American data.”

Background:

Due to increased cyberattacks on vulnerable supply chains and federal agencies, including the Department of Defense (DoD), it is vital that when purchasing information technology products, the DoD only purchase these electronics from Original Equipment Manufacturers (OEMs) or their authorized resellers. Under the Defense Federal Acquisition Regulations (DFARs), in order for businesses to contract with the U.S. military, they are required to only acquire electronic products from these OEMs or authorized sellers. However, there are still many cases of federal government employees purchasing technology from grey-market sellers rather than authorized sellers. Grey-market sellers may circumvent trusted supply chains and provide counterfeit technology that could harm security networks within the DoD. These counterfeit devices are often older and may contain unsafe and unreliable components, causing technology to malfunction or completely fail, leading to significant damage to networks and operations.

The Securing America’s Federal Equipment (SAFE) Supply Chains Act would:

• Prohibit the DoD from using a covered product from an entity other than an original equipment manufacturer or authorized seller;
• Allow the Secretary of Defense to waive the prohibition of a covered product, upon written notice to the Congressional Defense Committees, if they determine the waiver is necessary in the interest of national security;
• Require written notice on justification for waivers and any security mitigations that have been implemented and a plan of action to avoid future waivers for similar future purchases; and
• Require the DoD to submit a report to Congress that lists the number and types of covered products for which a waiver was granted and why.