In an Oct. 10 letter to Office of Management and Budget (OMB) Director Mick Mulvaney, Sens. Gary Peters, D-Mich., Ron Johnson, R-Wis., Ron Wyden, D-Ore., and Tom Cotton, R-Ark., called for “stronger coordination of supply chain risk management for information and communications equipment across the Federal government.”
The Senators, who represent the leadership on the Senate Homeland Security and Governmental Affairs Committee and the Senate Select Committee on Intelligence, are specifically calling on the Federal Acquisition Security Council (FASC) to develop a comprehensive strategic information-sharing plan to protect government systems in the Executive branch, Congress and the Judicial branch.
“Both Congress and the Executive branch have devoted considerable time identifying ways to enhance the supply chain security of information and communications technology (ICT) on U. S. government systems,” the Senators wrote. “The government must ensure that information used to secure executive agency computer systems and networks is shared with ICT professionals in Congress and the Judiciary.”
The Council, which was established last year, is tasked with reducing Federal supply chain risks by “creating a combined information-sharing environment for individual agencies,” as well as within the larger Federal government, including the Intelligence Community and Federal employees who make purchasing decisions on behalf of civilian agencies.
The letter noted that the Council has begun implementing mechanisms in place to improve supply chain risk management (SCRM) in executive agencies, but said “executive agency solutions do not always mean whole of government solutions.” The Senators further explained that “neither Congress nor the judiciary has the resources, expertise, or mission to replicate” the work going on within Executive Branch agencies. Meaning, according to the letter, the “comprehensive ‘whole of government’ approach the FASC was intended to achieve will likely only benefit one branch of the Federal government.”
The Senators asked Mulvaney to “develop a strategic plan that will specifically incorporate information sharing with the judiciary and Congress” and asked him to provide information to Senate Sergeant at Arms, the House of Representatives CIO, and their counterparts in the Judiciary regarding threat briefings on ICT. The Senators gave Mulvaney until Oct. 23, 2019 to respond to their request with detailed information on how FASC will implement its new strategic plan.