Cornyn, Peters Introduce Bill to Safeguard U.S. Supply Chains, Cybersecurity
WASHINGTON – U.S. Senators John Cornyn (R-TX) and Gary Peters (D-MI) introduced their Securing America’s Federal Equipment (SAFE) in Supply Chains Act, which would protect America’s cybersecurity by ensuring government agencies do not unintentionally acquire counterfeit electronics or those from unauthorized sellers:
“From the pandemic to Russia’s attack on Ukraine and other global conflicts, the last few years have taught us just how important a secure domestic supply chain is to America’s national security,” said Sen. Cornyn. “This commonsense legislation would require government agencies to only purchase reliable electronics from trustworthy sellers, helping safeguard our cybersecurity from bad actors around the world.”
“The federal government has a responsibility to purchase technology that will help keep Americans’ data secure and strengthen our defense against a potential cyberattack,” said Sen. Peters. “This legislation takes an important step towards protecting our national security interests and securing our domestic supply chains.”
Background:
Due to increased cyberattacks on federal agencies and unsafe supply chains, it is vital that when purchasing information technology products, the federal government only purchase these electronics from Original Equipment Manufacturers (OEMs) or their authorized resellers. Under the Defense Federal Acquisition Regulations (DFARs), in order for businesses to contract with the U.S. military, they are required to only acquire electronic products from these OEMs or authorized sellers. However, there are still many cases of federal government employees purchasing technology from grey-market sellers rather than authorized sellers. Grey-market sellers may circumvent trusted supply chains and provide counterfeit technology that could harm security networks within the federal government. These counterfeit devices are often older and may contain unsafe and unreliable components, causing technology to malfunction or completely fail, leading to significant damage to networks and operations.
The Securing America’s Federal Equipment (SAFE) in Supply Chains Act would:
- Prohibit the head of an agency from using a covered product from an entity other than an original equipment manufacturer or authorized seller;
- Allow the head of an agency to waive the prohibition of a covered product, upon written notice to the Director of the Office of Management and Budget (OMB), if they determine the waiver is necessary in the interest of national security;
- Require written notice on justification for waivers and any security mitigations that have been implemented and a plan of action to avoid future waivers for similar future purchases;
And require OMB to submit a report to Congress that lists the number and types of covered products for which a waiver was granted and why.