The House Energy & Commerce Committee Communications Subcommittee Tuesday is launching a bipartisan supply chain working group focused on the "myriad hardware and software components that make up the communications infrastructure."
The concern is the possibility of security breaches along the supply chain, from design to delivery to installation, hardware and software. Congress has been concerned for some time that the government had much work to do in securing the chain of technology and software that goes into government information technology, most of which is off-the-shelf technology from private companies, and most of that is made up of component parts supplied from companies outside the U.S. That raises the threat of malware or other cyber attacks.
The working group is being unveiled Tuesday (May 21) at a Communications Subcommittee cybersecurity hearing, "Cybersecurity: An Examination of the Communications Supply Chain."
The group will be co-chaired by House Intelligence Committee chairman Rep. Mike Rogers (R-Mich.) and ranking subcommittee member Anna Eshoo (D-Calif.). "Through stakeholder meetings, we can better understand what additional steps can be taken to protect U.S. telecommunications infrastructure from inappropriate foreign control or influence," said Eshoo in a statement.
Rogers is co-author of the cybersecurity bill that Republicans and the cable industry have backed as the best approach to insuring more sharing of cybersecurity information between government and industry.
Republicans have been concerned that if the government tries to dictate cybersecurity measures, it could reduce industry's flexibility to respond to threats in real time. "As I did last Congress, I will urge that we abide by a cyber Hippocratic Oath and first do no harm as we consider the tools available to the public and private sectors in making our communications supply chain secure," Subcommittee chairman Greg Walden plans to say to open Tuesday's hearing.