President Biden on June 16 signed into law the Supply Chain Security Training Act, which requires the General Services Administration (GSA) to develop a training program for officials with supply chain risk management responsibilities at Federal agencies.
The legislation was first introduced by Sens. Gary Peters, D-Mich., and Ron Johnson, R-Wis., and passed the Senate in January.
GSA will work in coordination with the Departments of Defense and Homeland Security, as well as the Office of Management and Budget (OMB), to create the training program. OMB will also create guidelines for how Federal agencies adopt and use the training and select employees to participate in it.
“Federal employees who are responsible for buying software and equipment for the government must be able to recognize potential cybersecurity threats in these products,” said Sen. Peters in an earlier statement. “This bipartisan legislation will help Federal employees deter foreign adversaries and criminal hackers from taking advantage of vulnerabilities in newly purchased technology to breach federal systems and disrupt our supply chains.”
The program is designed to educate Federal employees – including those in the legislative, judicial, and executive branches – about supply chain risk management and risks throughout the acquisition cycle. The overall goal is to mitigate potential supply chain security risks in Federal acquisitions.
Lawmakers believe that training and preparing Federal acquisition employees to recognize and mitigate these growing threats is an essential step in preventing hostile actors from compromising America’s national security.
“Counterintelligence training for Federal workers who buy and sell goods and services for the government is critical, especially at a time when our adversaries are aggressively and persistently attempting to breach our systems and steal information,” said Sen. Johnson. “This is essential training that will help close a potential gap in our cyber and physical security defenses.”
The legislation builds on an executive order from President Biden that made it easier for Federal agencies to share threat information, modernize their cybersecurity infrastructure, and enhance Federal software supply chain security in the wake of recent serious breaches.