Lawmakers Aim to Improve Technology Security with Supply Chain Training
Senators Gary Peters (D-MI) and Ron Johnson (R-WI) have introduced legislation aimed at protecting against cyber threats and supply chain vulnerabilities through standardized training programs. The Supply Chain Security Training Act would create a standard training program for federal employees responsible for purchasing services and equipment.
Under the legislation, the General Services Administration (GSA), in coordination with the Department of Homeland Security (DHS), Department of Defense (DOD), and the Office of Management and Budget (OMB), is directed to create a supply chain security training program for federal officials with supply chain risk management duties. OMB would also be tasked with developing guidance for federal agencies to determine who should participate in the training, and how to adopt and use the training.
“Recent attacks against American networks show that our foreign adversaries and criminal organizations will stop at nothing to breach federal networks, steal information and compromise our national security,” said Senator Peters in the press release announcing the legislation. “Federal employees need to know how to recognize possible threats when they are purchasing software and equipment that could allow bad actors a back door into government information systems. This bill will help strengthen national security by safeguarding against cybersecurity vulnerabilities and other threats posed by the technology our government uses.”
The legislation is based on a previous bill the lawmakers introduced in 2019, which also aimed to create a government-wide approach to securing information across the executive branch through training to identify and mitigate threats.
Senator Johnson said of the new bill, “Counterintelligence training for federal workers who buy and sell goods and services for the government is critical at a time when our adversaries are probing cyber vulnerabilities to breach our systems and steal information. This type of training will help close a potential gap in our cyber and physical security defenses.”
The legislation also builds on President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity.
The order removes barriers to threat information sharing between the government and the private sector, modernizes and implements stronger cybersecurity standards across the federal government, improves software supply chain security, establishes a Cybersecurity Safety Review Board, creates a standard playbook for responding to cyber incidents, improves detection of cybersecurity incidents on federal networks, and improves investigative and remediation capabilities.