From E&E News:

“Up until now, there really hasn’t been an overarching strategy,” said Kathryn Waldron, national security and cybersecurity research associate at the right-of-center R Street Institute think tank, who cited passage of the SECURE Technology Act as a sign of progress. “Part of it has to do with the fractured nature of issues like supply-chain security: What is a risk for one agency may not be the risk for another agency.”

“One of the issues with the lack of transparency is that these companies are also being used in the private sector,” Waldron said. “If the government isn’t straightforward about saying, ‘We see these as risks,’ then private-sector companies will be less likely to look at these products and assess whether they’re putting themselves at risk.”