The House of Representatives passed the DHS Software Supply Chain Risk Management Act of 2021 this week with a 412-2 vote.
The legislation, introduced by Rep. Ritchie Torres, D-N.Y., would require the Department of Homeland Security (DHS) to issue guidance requiring DHS contractors to disclose the origins of each software component through software bills of materials.
In doing so, the legislation aims to help DHS protect its networks from cyberattacks and modernize its procurement of information and communications technology or services.
“As cyberattacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its own networks and enhance its visibility into information and communications tech or services that it buys,” Rep. Torres said in a statement. “As a Federal leader in the cybersecurity space, DHS must set an example by modernizing how it protects its networks.”
Rep. Torres said the legislation is also an important step in strengthening the relationship between DHS and industry.
The House Committee on Homeland Security approved the cybersecurity-focused bill during a markup on July 28. However, the Senate has yet to introduce a companion bill.
“The security and integrity of software bought by DHS is integral to homeland security. My bill will ensure that the department has access to prevent, detect, and respond to future cyberattacks,” Rep. Torres said. “I am proud to work with the House Homeland Security Committee to provide DHS with the best tools to defend its networks. I urge my colleagues in the Senate to bring up and pass this important piece of legislation.”