Bipartisan Senate bill aims to ban U.S. agency purchases of counterfeit electronics
Federal agencies would be prohibited from using certain products if they were purchased from an entity other than the original manufacturer or an authorized reseller under a new bipartisan Senate bill.
The Securing America’s Federal Equipment (SAFE) in Supply Chains Act was introduced Thursday by Sens. John Cornyn, R-Texas, and Gary Peters, D-Mich., who chairs the Senate Homeland Security and Governmental Affairs Committee.
According to a release, the bill is intended to address the increased risk of cyberattacks that target federal agencies by preventing the purchase and use of equipment from “grey-market sellers” that circumvent trusted supply chains to provide counterfeit products. The bill is specifically aimed at the purchase and use of “information and communications technology,” per the bill text.
“From the pandemic to Russia’s attack on Ukraine and other global conflicts, the last few years have taught us just how important a secure domestic supply chain is to America’s national security,” Cornyn said in a statement provided in the release. “This commonsense legislation would require government agencies to only purchase reliable electronics from trustworthy sellers, helping safeguard our cybersecurity from bad actors around the world.”
While acquisition rules for the military require contractors to acquire electronics from original equipment manufacturers or authorized resellers, the release said that there are still “many cases of federal government employees purchasing technology from grey-market sellers rather than authorized sellers.”
The legislation also includes language allowing heads of agencies to waive the prohibition on certain covered products if they determine there is a national security interest or the use of that product is necessary. To do that, the legislation states the official must give written notice to the director of the Office of Management and Budget.
OMB would also be required to submit a report to Congress on those waivers, including the number and types of covered products for which waivers were granted.
“The federal government has a responsibility to purchase technology that will help keep Americans’ data secure and strengthen our defense against a potential cyberattack,” Peters said in a statement. “This legislation takes an important step towards protecting our national security interests and securing our domestic supply chains.”
The bill comes as counterfeit devices have already been found in sensitive government and military systems.
In May, a man was sentenced to six years and six months for running an operation to traffic counterfeit Cisco equipment following prosecution by the Department of Justice. Those products often didn’t work or malfunctioned, and “numerous counterfeit devices originating” from the operation “were discovered in highly sensitive governmental applications, such as classified information systems,” according to a DOJ release at the time of his sentencing.
In a quote provided to FedScoop, Cisco’s Chief Government Strategy Officer Jeff Campbell said the company supports the legislation and looks forward to working with the senators on the issue.
“The risk of counterfeit components compromising our federal IT systems is a clear and present danger that must be addressed,” Campbell said. “At Cisco, we know that the security of technology is intrinsically linked to the trustworthiness of its source and support the bipartisan SAFE Act’s efforts to ensure that the lifeblood of our government’s digital infrastructure is drawn from secure and reputable sources.”
Editor’s Note, July 12, 2024: This story was updated with comment from Cisco in support of the SAFE Act.
