With continuing attacks on government and private sector networks, a bipartisan cybersecurity bill would mandate more training, focusing especially on feds with supply chain duties.
Cyber hacks—many directed in whole or in part at U.S. government agencies and their data—continue to grab headlines. The recent SolarWinds and Microsoft breaches affected just about all agencies—and the Colonial Pipeline ransomware attack had further damaging effects on government and private-sector energy supplies.
A bipartisan bill pending in Congress, backers say, could help facilitate enhanced training for feds, so that a wide range of employees and contractors at agencies could more effectively join in on the front lines of fending off these incursions.
The Cybersecurity and Infrastructure Security Agency (CISA) unit of the Department of Homeland Security continues to soldier on, taking a lead role in averting and managing such attacks. CISA has issued advisories for federal employees on how to mitigate the effects of the recent attacks. But many hacks gain access to systems due to operator error, so the consensus is that, in addition to CISA’s efforts, better prevention training is needed across agencies.
That’s the whole point of the Supply Chain Security Training Act. The bill mandates the development of a standardized training program, one that would teach federal employees tasked with buying services and equipment from contractors and suppliers to ensure the cyber safety of those purchases.
“Recent attacks against American networks show that our foreign adversaries and criminal organizations will stop at nothing to breach federal networks, steal information and compromise our national security,” stated Sen. Gary Peters (D-Mich.), co-sponsor of the bill along with Sen. Ron Johnson (R-Wis.). “Federal employees need to know how to recognize possible threats when they are purchasing software and equipment that could allow bad actors a back door into government information systems.”
“This bill will help strengthen national security by safeguarding against cybersecurity vulnerabilities and other threats posed by the technology our government uses,” Peters said.
The bill would require the General Services Administration (GSA), the Office of Management and Budget (OMB), DOD and DHS to work together to develop a standard “supply chain security training program for federal officials with supply chain risk management responsibilities,” Sen. Peters’ release notes. Additionally, OMB would have to create guidance for other agencies on how best to select trainees and adopt and use the training program.