May 18, 2023

The House Homeland Security Committee has advanced legislation aimed at protecting the federal government and vital infrastructure by securely accessing open-source software. It requires the Cybersecurity and Infrastructure Security Agency (CISA) to create a risk strategy that outlines how the federal government may rely on open-source code.

The proposed legislation directs CISA to create a risk framework for federal government usage of open-source software, as well as to hire a dedicated staff of open-source security experts and engineers to strengthen the code’s protection against any future digital threats.

This proposal, which parallels a bill passed by the Senate Homeland Security Committee in March, is in reaction to a security weakness discovered last year in Log4j, a widely used open-source code. According to CISA estimates, the intrusion affected a large number of devices worldwide.

In addition, the committee adopted another measure that directs CISA to develop a program to give cybersecurity training to Homeland Security Department personnel who are not already employed in such jobs. The measure also requests that the Department of Homeland Security’s (DHS) undersecretary for management assist in the recruitment and identification of prospective personnel for this program.

Meanwhile, the Senate Homeland Security Committee advanced cybersecurity legislation by passing a bipartisan bill requiring CISA to provide commercial satellite owners and operators with information and resources to strengthen defenses against cyberattacks, particularly from hostile nation states.

The sources for this piece include an article in TheRecord.