[BreachExchange] House approves bill to strengthen IT supply chain following SolarWinds hack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Oct 21 09:29:53 EDT 2021


https://www.msn.com/en-us/news/politics/house-approves-bill-to-strengthen-it-supply-chain-following-solarwinds-hack/ar-AAPLphv


The House on Wednesday approved legislation to strengthen software and
information technology supply chains at the Department of Homeland Security
(DHS) and to help protect against attacks similar to last year's SolarWinds
hack.

The DHS Software Supply Chain Risk Management Act, sponsored by Rep.
Ritchie Torres (D-N.Y.), passed the lower chamber overwhelmingly by a vote
of 412-2.

The legislation would require DHS to issue departmentwide guidance that all
contractors submit lists of their software materials and the origins of
each item to DHS for review. That would allow the agency to have greater
insight into potential software vulnerabilities.

"As cyberattacks become increasingly frequent and sophisticated, it is
crucial that DHS has the capacity to protect its own networks and enhance
its visibility into information and communications tech or services that it
buys," Torres said in a statement Wednesday. "As a federal leader in the
cybersecurity space, DHS must set an example by modernizing how it protects
its networks."

Torres, the vice chairman of the House Homeland Security Committee, which
approved the bill earlier this year, urged the Senate to take up and pass
the legislation as soon as possible in order to heighten the nation's
cybersecurity.

"The security and integrity of software bought by DHS is integral to
homeland security. My bill will ensure that the Department has access to
prevent, detect, and respond to future cyber-attacks," Torres said. "I am
proud to work with the House Homeland Security Committee to provide DHS
with the best tools to defend its networks."

The bill was passed by the House as federal agencies continue to recover
from and investigate the impact of the SolarWinds hack.

The incident, first discovered in December, involved Russian
government-backed hackers exploiting vulnerabilities in software from IT
group SolarWinds to compromise nine federal agencies, including DHS, along
with at least 100 private sector groups.

According to The Associated Press, former acting DHS Secretary Chad Wolf's
email account and the email accounts of other top DHS officials and DHS
cybersecurity employees were among the data accessed by the hackers as part
of the incident.

President Biden levied sanctions against Russia in April in retaliation for
the SolarWinds hack.