May 10, 2022

Neguse-Led Supply Chain Security Training Act Heads to President’s Desk for Signature

 The bill, which revises best practices for supply chain risk management, passed the House today.  

Washington, D.C. – Today, Congressman Joe Neguse secured final passage of his bipartisan, bicameral Supply Chain Security Training Act. This Act, led in the Senate by Senators Gary Peters (D-MI) and Ron Johnson (R-WI), creates a standardized training program to help federal employees responsible for purchasing services and equipment identify whether those products could compromise the federal government's information security.

The passage comes after breaches of the federal government’s information systems – such as the attack on the SolarWinds network – have solidified the importance of domestically sourcing technological supply chains. 

“Attacks and disruptions to the United States’ supply chain are deeply concerning. By training our domestic workforce on best practices for identifying threats, we can strengthen our on-shore systems and improve the resiliency of our supply chain,” said Congressman Neguse. “I am proud to see both parties working together to prioritize the revitalization of American manufacturing by passing my bill today, and look forward to President Biden signing this bill into law.”

“I want to thank Rep. Joe Neguse for his work on this legislation to train federal regulators to identify vulnerabilities in our supply chains,” said House Majority Leader, Congressman Steny Hoyer.

“Federal employees who are responsible for buying software and equipment for the government must be able to recognize potential cybersecurity threats in these products,” said Senator Peters. “This bipartisan legislation will help federal employees deter foreign adversaries and criminal hackers from taking advantage of vulnerabilities in newly purchased technology to breach federal systems and disrupt our supply chains. I applaud my colleagues in the House for passing this bill and look forward to seeing President Biden sign it into law.”

The bill also directs the Office of Management and Budget to develop guidance for other federal agencies on how to adapt this training program for their own needs and employees. 

Background:

The introduction of the Supply Chain Security Training Act came just four months after more than 1,000 businesses were hit by a supply chain ransomware attack, ahead of the 4th of July holiday weekend in 2021. Professionals across the county worked overtime to address the ransomware attack, which halted operations at industrial headquarters in Greeley, Colorado. This was the second time in two years a supply chain attack of this magnitude took place, with the SolarWinds attack of 2020 corrupting at least 100 companies and nine federal agencies, including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury.

Neguse and Peters have been champions of provisions to secure supply chains, invest in cyber security initiatives, and equip state and local governments with best practices for thwarting threats. The two also introduced the State and Local Government Cybersecurity Act, which fosters cybersecurity coordination between the Department of Homeland Security and state and local actors, and would encourage the National Cybersecurity and Communications Integration Center to share vital security tools and protocols with state, local, tribal, and territorial governments. 

 ###