The Supply Chain Security Training Act creates a standardized training program to help federal employees responsible for purchasing services and equipment identify whether those products could compromise the federal government’s information security.

 Federal employees need to know how to recognize possible threats when they are purchasing software and equipment that could allow bad actors a back door into government information systems.

Under the bill, the Office of Management and Budget (OMB) would develop guidance for federal agencies to adopt and use the training program, in addition to determining the process for selecting officials to participate in the training.

Criminals unleashed a massive ransomware attack in more than a dozen countries on Friday, affecting up to 1,500 organizations around the world, including a supermarket chain in Sweden and schools in New Zealand.

Security researchers linked the attack to a group called REvil, a Russian-speaking gang responsible for a ransomware attack on meat processor JBS at the end of May.

In the current incident, the attackers found a vulnerability in the product of Kaseya, a U.S.-headquartered company that provides software tools to its clients — IT outsourcing companies — which in turn provide services to their clients. Kaseya estimates that as many as 1,500 “downstream” businesses were affected.

Hackers have demanded $70 million in cryptocurrency in exchange for a key that decrypts all of the victims’ data.