The Network Security Information Sharing Act of 2019 cleared the House Energy and Commerce Committee via a voice vote on Nov. 20.
The legislation – initially introduced by Communications and Technology Subcommittee Chairman Mike Doyle, D-Pa., and Rep. Adam Kinzinger, R-Ill. – would require the Homeland Security Secretary to work with the Director of National Intelligence, the Director of the Federal Bureau of Investigation, National Telecommunications and Information Administration, and the Federal Communications Commission to “establish a program to share supply chain security risks with advanced communications service providers and trusted suppliers of telecommunications equipment and services.”
The program would be tasked with holding regular briefings to share supply chain security information; submit a plan to Congress to “declassify certain material, where appropriate, to help information sharing, as well as expand and expedite provision of clearances for that information sharing”; and ensure that the program’s activities are integrating with ongoing activities elsewhere in the government to make sure there are no duplicative activities going on.
“The threat foreign actors pose to the U.S. economy has never been greater,” Rep. Doyle said when the bill was introduced on Sept. 25. “Attacks on businesses over the internet or through telecommunications equipment have the potential today to devastate individual companies – or entire supply chains. One of the most effective steps the federal government can take to prevent such cyberattacks is to work more closely with advanced communications service providers to eliminate potential backdoors and other supply chain risks. The National Security Information Sharing Act would establish programs to facilitate the sharing of such information.”
Kinzinger echoed his colleague’s remarks in September, saying, “The security of American communications and information networks is paramount to our national security. Certain foreign adversaries have systematically coerced their equipment manufacturers to embed backdoors and other capabilities into their products, which are later purchased by American companies and integrated into our networks. No foreign actor should have the ability to eavesdrop on our citizens or our government – let alone use these backdoors to launch cyberattacks or disrupt our communications.”
The legislation does not appear to have a companion bill in the Senate at this time.