After Passing House, Peters and Johnson Legislation to Help Secure Federal Information Technology Supply Chains Against Security Threats Heads to President to be Signed into law

WASHINGTON, DC – U.S. Senators Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, and Ron Johnson (R-WI) applauded House passage of their legislation to help protect against cybersecurity threats and other technological supply chain security vulnerabilities that arise when the federal government purchases services, equipment or products. The bipartisan Supply Chain Security Training Act would create a standardized training program to help federal employees responsible for purchasing services and equipment identify whether those products could compromise the federal government’s information security. The bill has already passed the Senate and now heads to President Biden’s desk to be signed into law.

“Federal employees who are responsible for buying software and equipment for the government must be able to recognize potential cybersecurity threats in these products,” said Senator Peters. “This bipartisan legislation will help federal employees deter foreign adversaries and criminal hackers from taking advantage of vulnerabilities in newly purchased technology to breach federal systems and disrupt our supply chains. I applaud my colleagues in the House for passing this bill and look forward to seeing President Biden sign it into law.”

“Counterintelligence training for federal workers who buy and sell goods and services for the government is critical, especially at a time when our adversaries are aggressively and persistently attempting to breach our systems and steal information,” said Senator Johnson. “This is essential training that will help close a potential gap in our cyber and physical security defenses.”

Training and preparing federal acquisitions employees to recognize and mitigate these growing threats is an essential step in preventing hostile actors from compromising America’s national security. Breaches of federal information systems in the past exploited vulnerabilities in the SolarWinds and Microsoft Exchange networks, highlighting the need for robust technological supply chain security and the importance of ensuring agency personnel responsible for managing these resources are well versed and up-to-date on cybersecurity threats and other attempts to steal sensitive or valuable information.

The Supply Chain Security Training Act directs the General Services Administration (GSA), in coordination with the Department of Homeland Security (DHS), Department of Defense (DOD) and the Office of Management and Budget (OMB), to create a supply chain security training program for federal officials with supply chain risk management responsibilities. The bill would also require the Office of Management and Budget (OMB) to develop guidance for federal agencies to adopt and use the training program and how to select officials to participate in the training.

The legislation also builds on an executive order from President Biden that made it easier for federal agencies to share threat information, modernize their cybersecurity infrastructure and enhance federal software supply chain security in the wake of recent serious breaches.