The House and Senate have approved H.R. 7387–the SECURE Technology Act–which combines existing bills that would aim to reduce Federal government supply chain threats and establish a bug bounty program and vulnerability disclosure policy at the Department of Homeland Security (DHS).
The bill approved by the House and Senate draws from three exiting measures – H.R. 6735, S. 1281, an S. 3085.
S. 3085 was approved by the Senate earlier this week and would “establish a Federal Acquisition Security Council and … provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology.” The council would include members for the Departments of Homeland Security (DHS) and Defense, the General Services Administration, Office of the Director of National Intelligence, Federal Bureau of Investigation, Office of Management and Budget, and the National Institute of Standards and Technology. The council would be tasked with establishing criteria for determining what types of products pose supply chain security risks to the Federal government.
H.R. 6735 directs DHS to establish policies for reporting security vulnerabilities regarding the agency’s public websites, and plans to mitigate and remediate those vulnerabilities. S. 1281 was approved by the Senate in April and directs the DHS CIO’s office to establish a bug bounty program to minimize vulnerabilities to DHS Internet-facing IT.
“Cyber security is national security,” commented Rep. Will Hurd, R-Texas, chairman of the House IT Subcommittee, in a statement.
“Not a day goes by that our critical infrastructure isn’t targeted by bad actors from every corner of the Globe,” said Hurd, who added, “The SECURE Technology Act ensures that our federal agencies can better mitigate the risks to our networks and supply chains. I’m proud that my colleagues and I came together to support this bipartisan initiative to keep Americans safe across the finish line, and I’ll continue to do all that I can to deliver real results back home.”