Two US senators have proposed a bill this week that aims to address the issues with software and IT services provided to the US government and its agencies.
Named the "Federal Acquisition Supply Chain Security Act" (FASCSA), the bill addresses "supply-chain attacks," a term used to describe cyber-incidents in which an attacker compromises a target's software in order to gain visibility inside its operations.
The purpose of this new bill is to create a special council, named the Federal Acquisition Security Council, that will be tasked with reviewing software and services together with US intelligence agencies and drafting policies and recommendations to prevent the US government from using software from contractors with ties to other governments.
The bill is a direct reaction to the recent scandals that have involved Kaspersky Lab and ZTE.
Last year, the US government banned the use of Kaspersky software on computers part of the federal network, claiming the Russian antivirus vendor has ties to the Russian intelligence apparatus.
This year, the US government banned US companies from selling components to ZTE, a hardware vendor which it believes has close ties to the Chinese government, and which has broken US economic sanctions on numerous occasions, only to later see President Trump step in and thwart some of those efforts.
Also this year, on the same fears that Chinese companies provide data to the Chinese government, US legislators have proposed two bills to ban US government agencies from buying, using, or contracting Chinese-made telecommunications equipment or services altogether. The bills specifically name Chinese equipment manufacturers like Huawei, ZTE, Datang, and Zhongxing.
Under FASCSA, the Council it sets up will be tasked with determining current supply-chain threats, helping the US government shed some of its suspicious IT suppliers, and avoiding the signing of new contracts with them.
The Council will have to work together with the US public and private intelligence and cyber-security communities. According to FASCSA's text, the following will have a seat on the Council:
"We need to have a system in place that will allow us to address risks before it becomes an issue nationwide," said Senator James Lankford (R-OK), who introduced the bill together with Senator Claire McCaskill (D-MO).
"This bipartisan bill will help to clarify each government agency's role and responsibility and protect the federal government from IT security threats through strengthening supply chain risk management," he added.
"Our bill creates a government-wide approach to solving supply chain security issues in federal acquisitions," the Senator added on Twitter.