Securing the Homeland Security Supply Chain Act of 2018
This bill amends the Homeland Security Act of 2002 to authorize the Department of Homeland Security (DHS) to restrict procurement of information technology, telecommunications equipment and services, and related products or services (covered articles), if it determines that a vendor of such products and services poses a risk to the DHS supply chain. After determining that such a risk exists, DHS may limit the disclosure of information relating to the basis for restricting a procurement and may exclude a vendor from the procurement process. The bill requires DHS to make certain security-related determinations and provide notifications before it can exercise the authority to restrict procurement of any covered article.
The bill defines "supply chain risk" as the risk that a malicious actor may sabotage, maliciously introduce an unwanted function, extract or modify data, or otherwise manipulate the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered article.