A new bill has been introduced by a U.S. House lawmaker with the aim of protecting federal government networks from attacks by adversaries such as China and Russia. Rep. Pat Fallon (R-Texas), who serves on armed services and oversight committees, stated that his legislation, known as H.R.9500, would require the federal government to only purchase electronic devices from trusted sources. Fallon emphasized the threat posed by offensive cyber-operations enabled by artificial intelligence, which could potentially lead to devastating attacks on sensitive networks within the country.
According to Fallon’s statement released on September 13th, adversaries have been targeting hardware and software systems in the U.S. government through the sale of counterfeit products via “grey market” sellers. These products are falsely marketed as genuine hardware but allow adversaries to gain access to government systems, making subsequent cyber-attacks much easier.
The bill is called the Securing America’s Federal Equipment (SAFE) Supply Chains Act and would prohibit agency heads from procuring or using a “covered product” from any entity other than an original equipment manufacturer or authorized reseller. The bill defines a covered product as an information and communications technology end-use hardware product or component.
Under this legislation, agency heads can request waivers for covered products by filing written notices with the director of the Office of Management and Budget. These notices must include justifications for waivers, implemented security mitigations, and plans of action to avoid future waivers for similar purchases.
Fallon stressed that given peak instability and danger in today’s world, it is crucial to protect vulnerable systems from cyber-attacks launched by adversaries.
This bill aligns with S.4651 introduced in July by Sens. John Cornyn (R-Texas) and Gary Peters (D-Mich.), emphasizing that it is essential for the federal government to purchase technology that enhances data security while strengthening defense against potential cyber threats.
In recent months, warnings have been issued about China pre-positioning malware in U.S. systems in preparation for conflict while dismantling dangerous malware embedded in critical infrastructure networks attributed to Chinese hackers has also taken place.
Additionally, charges were filed against seven Chinese nationals involved in a hacking group targeting U.S., foreign critics/businesses/political officials over 14 years; an advisory was issued about a Russian military unit responsible for global cyber attacks; Rep.Fallon previously introduced H.R6573 prohibiting data brokers from selling military personnel data to adversarial nations including China/Russia.