Bipartisan leaders of two Senate committees have called for a whole-of-government approach to supply chain risk management for information and communications equipment through better coordination across all three branches of the government.
The letter from the chairmen and ranking minority members of the Intelligence and Homeland Security and Governmental Affairs committees said asked the Federal Acquisition Security Council to develop a strategic information sharing plan covering Congress and the judiciary as well as the executive branch. That council was created by a law enacted last year with the goal of reducing supply chain risks by facilitating information sharing among agencies.
A letter to OMB says that Congress and the judiciary lack the expertise and resources to replicate that effort, potentially leaving them vulnerable to introducing insecure technology putting national security at risk. “The threat is not hypothetical,” the letter says.
For the judiciary, it cites warnings in the National Cyber Strategy, annual reports from the court systems highlighting the need to counter threats posed by hacking, viruses and other malicious acts, and a Center for Strategic and International Studies report calling for immediate steps to counter threats to the courts.
“Adversaries abroad have similarly targeted Congress, most recently documented in a number of attempted hacks of Senate offices. This threat goes back over a decade, with one notable incident in 2008 involving a number of congressional computers. These adversaries are likely using every tool at their disposal to compromise” the systems used by congressional offices, it says.