McCaskill’s Bipartisan Bill to Safeguard Against Supply Chain Security Threats Advances in the Senate

WASHINGTON – The Senate Homeland Security and Governmental Affairs Committee—where U.S. Senator Claire McCaskill serves as the top-ranking Democrat—today advanced McCaskill’s bipartisan bill with Republican Senator James Lankford of Oklahoma that would ensure government agencies consider the supply chain risks to national security and the public interest when buying information and communications technology (ICT). The legislation would establish a Council to equip the government with the policies and processes for sharing information and evaluating supply chain risks earlier in the purchasing process, and also provide the government with critical authorities to mitigate threats when they are discovered.

Supply chain security of information and communications technology has been a growing concern for the government for years, and came to prominence when the Department of Homeland Security issued a directive for all civilian agencies to remove Moscow-based Kaspersky Lab products from government systems in September 2017. This bill addresses a significant failure of information sharing that exists between the Intelligence Community, which has better insight into these threats, and the rest of the government.

“The bill we passed out of committee today enables our government to take long overdue steps to safeguard our systems from ICT supply chain risks—it’s the product of true bipartisan compromise with my fellow Senate colleagues and the Administration,” McCaskill said. “I’ve said time and time again that I’ll work with anyone regardless of party to keep Missourians safe, and I’m going to keep doing that to get this bill across the finish line.”

McCaskill’s bipartisan Federal Acquisition Supply Chain Security Act (FASCSA) of 2018 would create a government-wide approach to addressing the problem of supply chain security in federal acquisitions of ICT by establishing a Federal Acquisition Security Council to develop the policies and processes for agencies to use. The legislation would bridge the information gap between the Intelligence Community, the Department of Defense, and the rest of the government on technology vulnerabilities and characteristics that could jeopardize our national security. The compromise language also provides government-wide and agency-specific authorities to mitigate supply chain security risks and includes an important judicial review mechanism.

In July, the Trump Administration submitted a legislative proposal to Congress that takes a similar approach to addressing supply chain security risks as McCaskill’s FASCSA, which drew praise from McCaskill. At a hearing earlier this month, two cybersecurity companies also offered support for FASCSA.

McCaskill has long supported action to address the nation’s vulnerability to cyberattacks. Earlier this year, she voted to support President Trump’s nominee for the top cybersecurity official in the Department of Homeland Security. In April, the Senate approved a McCaskill-backed bill to strengthen cybersecurity at the Department of Homeland Security. She led a bipartisan effort to reinforce and enhance the Department of Homeland Security’s role in protecting the country’s cybersecurity by creating the Cybersecurity and Infrastructure Security Agency within the Department, a change the Department of Homeland Security resoundingly supports. Last month, a McCaskill-backed bill that addresses cybersecurity threats to small businesses was signed into law by President Trump. Following the Office of Personnel Management data breach, which compromised the personal information of at least 21.5 million individuals, McCaskill and a group of bipartisan Senators introduced language that was signed into law increasing the Department of Homeland Security’s ability to protect federal civilian networks from cyberattacks.