Representatives Scott Perry (R-PA) and Peter King (R-NY) are working on legislation that would expand Homeland Security’s authority to deny contracts to companies that pose cybersecurity supply chain threats. Meanwhile, members of the administration are pushing an even more expansive proposal.
The House bill is based on authorities Congress has already given the Defense Department. Under those rules, Pentagon contracting officers can bar vendors that pose a security risk from competing for contracts before they’re awarded and halt contractors from hiring risky subcontractors after an award. Under current DHS rules, intelligence agencies are only allowed to tell contracting officers that a particular vendor poses a security concern and whether the concern can be mitigated, not what the concern is.
A separate legislative proposal floated by the White House Thursday would give the DHS broad authority to bar contractors that present cybersecurity risks from civilian government contracts based on the advice of a “critical information technology supply chain risk evaluation board.” It would give similar power to the Pentagon for defense contracts and to the Office of the Director of National Intelligence for intelligence contracts.