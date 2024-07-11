Federal government agencies would be prohibited from using certain products if they were purchased from an entity other than the original manufacturer or an authorized reseller under a new bipartisan Senate bill.

The Securing America’s Federal Equipment (SAFE) in Supply Chains Act was introduced Thursday by Sens. John Cornyn, R-Texas, and Gary Peters, D-Mich., who chairs the Senate Homeland Security and Governmental Affairs Committee.

According to a release, the bill is intended to address the increased risk of cyberattacks that target federal agencies by preventing the purchase and use of equipment freom “grey-market sellers” that circumvent trusted supply chains to provide counterfeit products. The bill is specifically aimed at the purchase and use of “information and communications technology,” per the bill text.

“From the pandemic to Russia’s attack on Ukraine and other global conflicts, the last few years have taught us just how important a secure domestic supply chain is to America’s national security,” Cornyn said in a statement provided in the release. “This commonsense legislation would require government agencies to only purchase reliable electronics from trustworthy sellers, helping safeguard our cybersecurity from bad actors around the world.”

While acquisition rules for the military require contractors to acquire electronics from original equipment manufacturers or authorized resellers, the release said that there are still “many cases of federal government employees purchasing technology from grey-market sellers rather than authorized sellers.”

The legislation also includes language allowing heads of agencies to waive the prohibition on certain covered products if they determine there is a national security interest or the use of that product is necessary. To do that, the legislation states the official must give written notice to the director of the Office of Management and Budget.

OMB would also be required to submit a report to Congress on those waivers, including the number and types of covered products for which waivers were granted.

“The federal government has a responsibility to purchase technology that will help keep Americans’ data secure and strengthen our defense against a potential cyberattack,” Peters said in a statement. “This legislation takes an important step towards protecting our national security interests and securing our domestic supply chains.”

The bill comes as counterfeit devices have already been found in sensitive government and military systems.

In May, a man was sentenced to six years and six months for running an operation to traffic counterfeit Cisco equipment following prosecution by the Department of Justice. Those products often didn’t work or malfunctioned, and “numerous counterfeit devices originating” from the operation “were discovered in highly sensitive governmental applications, such as classified information systems,” according to a DOJ release at the time of his sentencing.