On Wednesday, the DHS Software Supply Chain Risk Management Act of 2021 was passed by the U.S. House of Representatives in a 412-2 vote.
The new legislation was developed in response to the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity and works to prevent future cyber attacks on critical DHS infrastructure by giving the agency better software supply chain insight and management capabilities, said Rep. Ritchie Torres, vice chairman of the House Homeland Security Committee and sponsor of the bill.
Under the bill, the Under Secretary for Management will be required to issue department-wide guidelines for identifying materials used in software development.
The new guidelines will help modernize DHS’ acquisition process and strengthen cybersecurity by requiring DHS contractors to submit software bills of materials identifying the origins of each component in the software provided to the agency.
Rep. Torres said, “As cyberattacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its own networks and enhance its visibility into information and communications tech or services that it buys.”
According to a recent SpyCloud report, 72 percent of surveyed organizations experienced ransomware and cyber attacks over the past year, and 13 percent of that group reported being affected six to ten times within that time frame.
The DHS Software Supply Chain Risk Management Act aims to address the growing threat of cyber attacks and provide a framework for more secure networks and software systems across federal agencies by strengthening information sharing between DHS and its industry partners.
Additionally, Rep. Torres noted that this bill will position DHS as a federal leader in cybersecurity and advance the agency’s modernization initiatives.
The upcoming Supply Chain Cybersecurity: Revelations and Innovations Forum, hosted by ExecutiveBiz Events on October 26th, will gather distinguished cybersecurity experts to discuss the impact and implications of the historic 2020 SolarWinds attack and explore how federal and industry officials will work to adhere to new legislation and continue improving the nation’s cybersecurity.