Supply Chain Security Training Act of 2021

Floor Speech

Date: May 10, 2022
Location: Washington, DC

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Mr. Speaker, I move to suspend the rules and pass the bill (S. 2201) to manage supply chain risk through counterintelligence training, and for other purposes.

The Clerk read the title of the bill.

The text of the bill is as follows: S. 2201

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

This Act may be cited as the ``Supply Chain Security Training Act of 2021''. SEC. 2. TRAINING PROGRAM TO MANAGE SUPPLY CHAIN RISK.

(a) In General.--Not later than 180 days after the date of the enactment of this Act, the Administrator of General Services, through the Federal Acquisition Institute, shall develop a training program for officials with supply chain risk management responsibilities at Federal agencies.

(b) Content.--The training program shall be designed to prepare such personnel to perform supply chain risk management activities and identify and mitigate supply chain security risks that arise throughout the acquisition lifecycle, including for the acquisition of information and communications technology. The training program shall--

(1) include, considering the protection of classified and other sensitive information, information on current, specific supply chain security threats and vulnerabilities; and

(2) be updated as determined to be necessary by the Administrator.

(c) Coordination and Consultation.--In developing and determining updates to the training program, the Administrator shall--

(1) coordinate with the Federal Acquisition Security Council, the Secretary of Homeland Security, and the Director of the Office of Personnel Management; and

(2) consult with the Director of the Department of Defense's Defense Acquisition University, the Director of National Intelligence, and the Director of the National Institute of Standards and Technology.

(d) Guidance.--

(1) In general.--Not later than 180 days after the training program is developed under subsection (a), the Director of the Office of Management and Budget shall promulgate guidance to Federal agencies requiring executive agency adoption and use of the training program. Such guidance shall--

(A) allow executive agencies to incorporate the training program into existing agency training programs; and

(B) provide guidance on how to identify executive agency officials with supply chain risk management responsibilities.

(2) Availability.--The Director of the Office of Management and Budget shall make the guidance promulgated under paragraph (1) available to Federal agencies of the legislative and judicial branches. SEC. 3. REPORTS ON IMPLEMENTATION OF PROGRAM.

Not later than 180 days after the completion of the first course, and annually thereafter for the next three years, the Administrator of General Services shall submit to the appropriate congressional committees and leadership a report on implementation of the training program required under section 2. SEC. 4. DEFINITIONS.

In this Act:

(1) Appropriate congressional committees and leadership.-- The term ``appropriate congressional committees'' means--

(A) the Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services of the Senate; and

(B) the Committee on Oversight and Reform and the Committee on Armed Services of the House of Representatives.

(2) Information and communications technology.--The term ``information and communications technology'' has the meaning given the term in section 4713(k) of title 41, United States Code.

(3) Executive agency.--The term ``executive agency'' has the meaning given the term in section 133 of title 41, United States Code.

(4) Federal agency.--The term ``Federal agency'' means any agency, committee, commission, office, or other establishment in the executive, legislative, or judicial branch of the Federal Government.

(5) Training program.--The term ``training program'' means the training program developed pursuant to section 2(a).

Mr. Speaker, I rise in support of S. 2201, the Supply Chain Security Training Act, led by Chairman Gary Peters of the Committee on Homeland Security and Governmental Affairs and Senator Ron Johnson of Wisconsin.

I thank Representatives Joe Neguse and Scott Franklin, who did excellent bipartisan work here to lead the House companion, H.R. 5962, which was reported by the Oversight and Reform Committee on February 4 without opposition.

This important bill to defend our Nation's information and communications technology supply chains cannot be enacted soon enough.

In December 2020, a Government Accountability Office report revealed that Federal agencies had failed to fully implement supply chain and risk management standards for information and communications technology.

That same month, the discovery of the SolarWinds breach made urgently clear how dangerous supply chain vulnerabilities can be. The networks of at least nine Federal agencies were compromised by Russian actors, allowing them access to Federal systems for months before they were even discovered.

To help address these concerns, the Supply Chain Security Training Act establishes a training program for agency employees with responsibilities related to supply chain risk management, better preparing them to identify and mitigate supply chain threats associated with the acquisition of products and services.

The training requirements created by this bill will ensure that the acquisition workforce has the capability to identify items in the supply chain that could be used to exploit Federal information systems.

As the largest purchaser of goods and services in the world, the Federal Government relies on a complex supply chain that spans continents and is continuously targeted by foreign adversaries and cybercriminals scheming to breach Federal information systems.

To protect our national security interests and guard against these attacks, we must equip our Federal acquisition officials with the expertise and skills they need to reinforce our cybersecurity defenses through purchasing decisions.

I encourage my colleagues to support this bill, and I reserve the balance of my time.

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Mr. Speaker, I have no further speakers on this side. I reserve the balance of my time.

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Mr. Speaker, I thank my friend from South Carolina for her leadership and support on this important piece of legislation, which will help guard Federal assets.

I urge passage of the bill, and I yield back the balance of my time.

BREAK IN TRANSCRIPT


Source
arrow_upward