The Senate Homeland Security and Governmental Affairs Committee on Wednesday approved several bills aimed at strengthening the nation’s cyber and border security, including a measure that would direct the Department of Homeland Security to develop a risk framework that the federal government would use for open source software.
The Securing Open Source Software Act (S. 4913) also calls for the DHS Cybersecurity and Infrastructure Agency (CISA) to evaluate how the open source software risk framework could be used voluntarily by critical infrastructures in the private sector.
Sen. Rob Portman (R-Ohio), the ranking member on the committee and a co-sponsor of the bipartisan bill, said in a statement that “As we saw with the Log4shell vulnerability, the computers, phones, and websites we all use every day contain open source software that is vulnerable to attack.”
Other provisions of the bill would direct CISA to hire open source code developers to work with the open source community to address cyber vulnerabilities, such as the Log4j incident discovered in late 2021 and require the Office of Management and Budget to issue federal guidance on the secure use of open source software.
The committee also approved the Protecting the Border from Unmanned Aircraft Systems Act (S.4919), introduced by Sen. James Lankford (R-Okla.), that calls for an interagency strategy for a unified posture on counter-unmanned aircraft systems to protect U.S. borders. If enacted, the bill directs the Department of Homeland Security to develop a counter UAS strategy for the border within 180 days.
The Illicit DHS Cross Border Tunnel Defense Act (H.R. 4209), which passed the House in April, was also approved by the Senate panel. The bill would direct Customs and Border Protection, working with the Science and Technology Directorate, to develop a strategic plan to counter illegal cross-border tunneling. The plan would also promote the used of innovative technologies to identify, breach, assess and remediate these tunnels.
The committee also approved another bill that passed the House this year, the Industrial Control Systems Cybersecurity Training Act (H.R. 7777), that would that would require CISA to provide free training to the cybersecurity workforce on securing industrial control systems.
The committee also passed the Improving Digital Identity Act of 2022 (S. 4528), introduced by Sen. Kyrsten Sinema (D-Ariz.), would establish an Improving Digital Identity Task Force within the Executive Office of the President that would coordinate government wide “an effort to secure methods” at all levels of government to improve access and enhance security between physical and digital identity credentials.
The bills were passed unanimously by voice vote.