The Senate Homeland Security and Governmental Affairs Committee on Wednesday voted to approve a handful of bills that place a strong emphasis on cybersecurity, IT supply chain security, and the enhancement of digital citizen services.
The bills would, among other things, create a new Federal supply chain council, expand authorities for agency heads, back ongoing efforts at DHS, and also look to improve government websites and the utilization of the Federal cyber workforce.
The committee approved S.3085, the Federal Acquisition Supply Chain Security Act. The bill, introduced by Sen. Clair McCaskill, D-Mo., seeks to “establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology.”
The council would include members for the Departments of Homeland Security (DHS) and Defense, the General Services Administration, Office of the Director of National Intelligence, Federal Bureau of Investigation, Office of Management and Budget, and the National Institute of Standards and Technology.
The council would be tasked with establishing criteria for determining what types of products pose supply chain security risks to the Federal government. The bill currently lacks a companion bill in the House.
The committee approved S.3208, the Federal Information Systems Safeguards Act. The bill would allow Federal agency heads “to take any action to limit, restrict, or prohibit access to a website or to test, deploy, or update a cybersecurity measure if the head of the agency determines such action is necessary to carry out the responsibilities of the head of the agency.”
The crux of this bill centers on social media sites and personal email, which have been noted attack vectors for spearphishing and social engineering attacks on Federal employees. Thus, the bill would allow those agency heads from restricting employees from visiting Facebook, or any other site, if they deem it dangerous to the agency’s function.
The contentious bill shares an identical companion in the House, where is was approved in July by the House Oversight and Government Reform Committee, but has not yet seen a vote in the full chamber.
The committee also approved a bill that seeks to make enhancements on Federal websites in an effort to improve the delivery of citizen services.
S.3050, the 21st Century Integrated Digital Experience Act (IDEA), would impose minimum standards for Federal website functionality. It would require the elimination or consolidation of duplicative sites, require a consistent user experience on all agency sites, in addition to a number of other functionality requirements.
It would give agencies two years to provide a “digital option” for any in-person government service, and would give agencies one year to ensure that any public-facing, paper-based form, application, or service is available in a digital format.
An identical companion bill in the House, proposed by Rep. Ro Khanna, D-Calif., has yet to gain traction in that chamber of Congress.
DHS Cyber Activities
Three bills advanced Wednesday would promote cybersecurity activities at DHS.
S.3309, the DHS Cyber Incident Response Teams Act, would require DHS’ National Cybersecurity and Communication Integration Center (NCCIC) “to maintain cyber hunt and incident response teams” that provide identification and restoration of services following cyberattacks.
S.278, the Support for Rapid Innovation Act, would reinforce the activities of DHS’ Science and Technology Directorate, extending the authority to carry out R&D programs until the end of FY 2021, “to support the research, development, testing, evaluation, and transition of cybersecurity technologies.”
The two bills would essentially provide legislative backing to activities that are already ongoing at DHS. Companion bills for both have passed in the House, and would be on track to become law if the Senate takes up a vote on them.
The third DHS-related bill, S.594, the National Cybersecurity Preparedness Consortium Act, would allow DHS “to work with a consortium, including the National Cybersecurity Preparedness Consortium, to support efforts to address cybersecurity risks and incidents,” including support of NCCIC. Its companion in the House has yet to advance beyond committee.
A final cyber bill advanced by the committee would establish a “rotational cyber workforce program” and enable qualified cybersecurity professionals in the Federal government to provide services to other agencies on a short-term basis. The bill does not have a companion in the House.