Rep. Torres’s Software DHS Supply Chain Risk Management Act of 2021 Passes U.S. House of Representatives

Bill positions DHS as a federal leader in supply chain security 

WASHINGTON DC – Today, Rep. Ritchie Torres’ (NY-15) DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611) passed the U.S. House of Representatives. The bill requires the Department of Homeland Security (DHS) to develop guidelines for identifying materials used in software development. Specifically, the legislation directs DHS to modernize its information and communication technology or services acquisitions process by requiring the Under Secretary for Management to issue Department-wide guidance to require DHS contractors to submit software bills of materials (SBOM) that identify the origins of each component of the software furnished to DHS.

“As cyberattacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its own networks and enhance its visibility into information and communications tech or services that it buys,” said Rep. Torres. “As a federal leader in the cybersecurity space, DHS must set an example by modernizing how it protects its networks.” 

The DHS Software Supply Chain Risk Management Act is an important step in strengthening the relationship and information sharing between DHS and industry partners. The bill follows guidance from President Biden’s May 2021 Executive Order to enhance the security of the federal government’s supply chain and building security of software systems. 

This legislation will allow DHS better insight into the software supply chain to effectively manage potential threats. The SolarWinds cyber espionage campaign highlighted how bad actors can manipulate third-party components in the software supply chain for information and communications technology or services (ICT(S)) used by the federal government. The SolarWinds malware incident was the latest of seven other software supply chain compromise events in the last decade.

“The security and integrity of software bought by DHS is integral to homeland security.  My bill will ensure that the Department has access to prevent, detect, and respond to future cyber-attacks. I am proud to work with the House Homeland Security Committee to provide DHS with the best tools to defend its networks. I urge my colleagues in the Senate to bring up and pass this important piece of legislation.”