The Senate Select Committee on Intelligence is taking aim at risks to the supply chain in its most recent draft of the Intelligence Authorization Act.
A provision in the legislation, which was approved by the panel May 14, would create a task force to address vulnerabilities in the supply chain from foreign actors.
The intelligence community has long known that foreign adversaries are interested in exploiting technology and information used by both industry and government. One key vulnerability is the acquisition supply chain.
The number of commercial and nonprofit organizations involved in any technology can be vast, and ensuring each supplier is protected from external threats is a daunting task. As a result, information shared with contractors who aren’t following strong security or cybersecurity practices can be vulnerable. In addition, determining what information should be shared with industry is a major challenge for the intelligence community.
The Senate Select Committee on Intelligence has proposed a supply chain risk management task force that would be charged with standardizing information sharing between the intelligence community and contractors.
The legislation would direct the Director of National Intelligence to establish a Supply Chain and Counterintelligence Risk Management Task Force composed of representatives from several federal agencies, including the FBI, the Department of Homeland Security, and Office of Federal Procurement Policy of the Office of Management and Budget, among others. It would also include the Director of the National Counterintelligence and Security Center.
The task force would be required to report annually to Congress on the supply chain and counterintelligence risks facing the intelligence community and the acquisitions community.
Another provision in the bill would require the Director of National Intelligence to report annually on how the intelligence community is working with commercial and academic communities to keep their technology, intellectual property and research safe from foreign adversaries.
The language in the bill follows similar efforts from Congress in 2018. In December, the Senate passed a bill to create the the Federal Acquisition Supply Chain Security Council, although that legislation has been held up in the House since.
More recently, a bill was introduced to the Senate that would require training to understand supply-chain risk management. The Supply Chain Counterintelligence Training Act would develop a training program for acquisition officials to teach them how to identify and counter threats to the supply chain.
The Intelligence Authorization Act now goes to the full Senate for approval.