House approves bill to strengthen IT supply chain following SolarWinds hack

Oct 20, 2021
In the News

Original article written by Maggie Miller for The Hill

Photo Credit: Greg Nash

The House on Wednesday approved legislation to strengthen software and information technology supply chains at the Department of Homeland Security (DHS) and to help protect against attacks similar to last year’s SolarWinds hack.  

The DHS Software Supply Chain Risk Management Act, sponsored by Rep. Ritchie Torres (D-N.Y.) passed the lower chamber overwhelmingly by a vote of 412-2.  

The legislation would require DHS to issue departmentwide guidance that all contractors submit lists of their software materials and the origins of each item to DHS for review. That would allow the agency to have greater insight into potential software vulnerabilities.   

“As cyberattacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its own networks and enhance its visibility into information and communications tech or services that it buys,” Torres said in a statement Wednesday. “As a federal leader in the cybersecurity space, DHS must set an example by modernizing how it protects its networks.”  

Torres, the vice chairman of the House Homeland Security Committee, which approved the bill earlier this year, urged the Senate to take up and pass the legislation as soon as possible in order to heighten the nation’s cybersecurity. 

“The security and integrity of software bought by DHS is integral to homeland security. My bill will ensure that the Department has access to prevent, detect, and respond to future cyber-attacks,” Torres said. “I am proud to work with the House Homeland Security Committee to provide DHS with the best tools to defend its networks.”  

The bill was passed by the House as federal agencies continue to recover from and investigate the impact of the SolarWinds hack. 

The incident, first discovered in December, involved Russian government-backed hackers exploiting vulnerabilities in software from IT group SolarWinds to compromise nine federal agencies, including DHS, along with at least 100 private sector groups.  

According to The Associated Press, former acting DHS Secretary Chad Wolf’s email account and the email accounts of other top DHS officials and DHS cybersecurity employees were among the data accessed by the hackers as part of the incident. 

President Biden levied sanctions against Russia in April in retaliation for the SolarWinds hack. 

Recent Posts

Apr 3, 2024

U.S. Reps. Torres and Espaillat Statement on Updated Race and Ethnicity Census Data Standards 

WASHINGTON, DC – U.S. Representatives Ritchie Torres (NY-15) and Adriano Espaillat (NY-13) commend the efforts of the Office of Management and Budget (OMB) in updating Statistical Policy Directive No. 15: Standards for Maintaining, Collecting, and Presenting Federal Data on Race and Ethnicity announced last week. However, they acknowledge the notable absence of specific signaling to Afro-Latinos which is critical to […]

Apr 1, 2024

FY 2025 Appropriations Requests

Community Project Funding (CPF) allows Members of Congress the opportunity to request direct funding for projects that benefit the communities they represent. The FY 2025 guidelines for requesting funding for community projects have NOT yet been released, but our office is proactively gathering requests in anticipation of approaching deadlines. As in prior years, projects will likely […]

Apr 1, 2024

Grant Information

GRANTS AND FEDERAL DOMESTIC ASSISTANCE Guidance and key resources to help eligible grantseekers find information on federal grants, loans, and nonfinancial assistance for projects, as well as on private funding. Prepared by the Congressional Research Service for Members of Congress, updated August 2023. HOW BEST TO FIND INFORMATION KEY FEDERAL FUNDING SOURCES Assistance Listings (CFDA) at […]