House Overwhelmingly Passes Bills to Fortify U.S. Cybersecurity
The House has passed three bipartisan bills to secure U.S. telecommunications from cyber adversaries, particularly China, along with another measure to fortify supply chains at the Department of Homeland Security (DHS).
The Secure Equipment Act, sponsored by House Minority Whip Steve Scalise (R-LA) and Rep. Anna Eshoo (D-CA), would prohibit the Federal Communications Commission (FCC) from reviewing or issuing new equipment licenses to companies on the agency’s Covered Equipment or Services List that pose a national security threat. The legislation would specifically bar equipment manufactured by Chinese state-backed firms such as Huawei, ZTE, Hytera, Hikvision and Dahua from use in the U.S.
“By prohibiting the FCC from issuing any equipment licenses to companies identified as a threat to our national security, this bill prevents compromised Chinese equipment from threatening America’s networks,” Scalise said. Eshoo also hailed the bill’s passage, specifically calling out Huawei’s and ZTE’s ties to the Chinese government that “increase the vulnerabilities of our telecommunication systems and put the U.S. at risk.”
A Senate version of the bill, introduced last May by Sens. Edward Markey (D-MA) and Marco Rubio (R-FL), has yet to receive a floor vote.
Two Communications Acts
A second bill passed by the House, the Communications Security Advisory Act, would direct the FCC to establish a council to recommend ways to increase the security, reliability, and interoperability of communications networks. The bipartisan bill is sponsored by Reps. Elissa Slotkin (D-MI), Kurt Schrader (D-OR) and Tim Walberg (R-MI). “We have to be prepared as a nation to meet these evolving challenges, and bringing the best minds to the table helps us do that,” Walberg said.
A third measure, the Information and Communication Technology Strategy Act, will require the Commerce Department to create a strategy to bolster the economic competitiveness of U.S. information and communications vendors and reduce their reliance on foreign resources.
The bill is backed by Reps. Billy Long (R-MO), Jerry McNerney (D-CA) and Abigail Spanberger (D-VA). “We need to make sure information technology supply chains are secure and we need to know how dependent U.S. information and communications technology companies are on foreign countries like China,” Long said. “This doesn’t just ask the federal government to conduct a study, it requires the federal government to come up with a real solution to securing this critical supply chain.”
Supply Chain Risk Management Act
A fourth bill, the DHS Software Supply Chain Risk Management Act, sponsored by Rep. Ritchie Torres (D-NY), would direct DHS to modernize its information and communication technology and services acquisitions process. The legislation would give DHS better visibility into its supply chain to defend against cyber threats, Torres said.
DHS was among nine federal agencies hit by the massive SolarWinds Orion attack executed by the Nobelium crew, a Kremlin-backed cyber syndicate. “As cyber attacks become increasingly frequent and sophisticated, it is crucial that DHS has the capacity to protect its own networks and enhance its visibility into information and communications tech or services that it buys,” Torres said. “As a federal leader in the cybersecurity space, DHS must set an example by modernizing how it protects its networks.” As a case in point, former acting DHS Secretary Chad Wolf’s email account along with those belonging to other DHS cybersecurity officials were reportedly compromised in the SolarWinds incident.
Torres’ bill follows guidance from President Biden’s May 2021 Executive Order to enhance the security of the federal government’s supply chain and building security of software systems. Last April, Biden imposed sanctions on Russia over the SolarWinds event.
All four bills passed the lower chamber by wide margins and now head to the Senate for consideration.