House approves bill to strengthen IT supply chain following SolarWinds hack
Original article written by Maggie Miller for The Hill
The House on Wednesday approved legislation to strengthen software and information technology supply chains at the Department of Homeland Security (DHS) and to help protect against attacks similar to last year’s SolarWinds hack.
The DHS Software Supply Chain Risk Management Act, sponsored by Rep. Ritchie Torres (D-N.Y.) passed the lower chamber overwhelmingly by a vote of 412-2.
The legislation would require DHS to issue departmentwide guidance that all contractors submit lists of their software materials and the origins of each item to DHS for review. That would allow the agency to have greater insight into potential software vulnerabilities.
“As cyberattacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its own networks and enhance its visibility into information and communications tech or services that it buys,” Torres said in a statement Wednesday. “As a federal leader in the cybersecurity space, DHS must set an example by modernizing how it protects its networks.”
Torres, the vice chairman of the House Homeland Security Committee, which approved the bill earlier this year, urged the Senate to take up and pass the legislation as soon as possible in order to heighten the nation’s cybersecurity.
“The security and integrity of software bought by DHS is integral to homeland security. My bill will ensure that the Department has access to prevent, detect, and respond to future cyber-attacks,” Torres said. “I am proud to work with the House Homeland Security Committee to provide DHS with the best tools to defend its networks.”
The bill was passed by the House as federal agencies continue to recover from and investigate the impact of the SolarWinds hack.
The incident, first discovered in December, involved Russian government-backed hackers exploiting vulnerabilities in software from IT group SolarWinds to compromise nine federal agencies, including DHS, along with at least 100 private sector groups.
According to The Associated Press, former acting DHS Secretary Chad Wolf’s email account and the email accounts of other top DHS officials and DHS cybersecurity employees were among the data accessed by the hackers as part of the incident.
President Biden levied sanctions against Russia in April in retaliation for the SolarWinds hack.