Wednesday, January 12, 2022

S 2201 Passed in Senate – Supply Chain Security Training

Yesterday the Senate took up S 2201, the Supply Chain Security Training Act of 2021. The reported version of the bill was withdrawn and the Senate considered an amendment (SA 4899) in the form of a substitute. The amendment and the bill were adopted by unanimous consent without debate.

The substitute language in SA 4899 was nearly identical to the substitute language that was reported by the Senate Homeland Security and Governmental Affairs Committee. The only difference in the new language was the addition of the phrase “and the Director of the National Institute of Standards and Technology” at the end of §2(c)(2).

The bill now goes to the House for consideration. If/when the bill makes it to the floor for consideration it will likely be taken up under the suspension of the rules process. This would mean limited debate and the bill would require a supermajority to pass. Based upon the action in the Senate, I would suspect to see the bill receive substantial bipartisan support.

It is interesting to see that there is no definition of ‘supply chain security’ included in this bill. With both CISA and NIST referred to as coordination targets, I would suspect that the crafters were at least partially considering protecting hardware and software against unauthorized manipulation in transit between the manufacturer and the Federal user. It could also mean ensuring that there were backup suppliers vetted and approved in the event the primary provider is unable to keep supplies moving due to conditions (like Covid for example) beyond their immediate control.

No comments:

/* Use this with templates/template-twocol.html */