The House Homeland Security Committee on Tuesday approved the Securing the Homeland Security Supply Chain Act (HR 6430), which would authorize the Homeland Security Secretary to take a variety of actions to curb supply chain risk including actions to exclude certain contractors in order to address “urgent national security interest.”
According to text of the bill, such an action may be taken based on a joint recommendation from DHS’ chief acquisition officer and chief information officer that “there is a significant supply chain risk” that exists in a “covered procurement,” or contract, with DHS.
The bill defines supply chain risk as “risk that a malicious actor may sabotage, maliciously introduce an unwanted function, extract or modify data, or otherwise manipulate the design, integrity, manufacturing, production, distribution installation, operation, or maintenance of a covered article so as to surveil, deny, disrupt, or otherwise manipulate the function, use, or operation of the information technology or information stored on transmitted on covered articles.”
A “covered article” is defined in the bill as information technology including “cloud computing services of all types,” telecommunications equipment, and telecommunications services. It also covers hardware, software, devices, or services including embedded or incidental information technology.
The bill has been reported for consideration by the full House.