As I noted yesterday Rep. Young (R,FL) introduced HR 2397, the Department of Defense Appropriations Act, 2014. As expected there is no specific language in the bill that deals with cybersecurity matters. The Committee Report that was filed with the bill does, however, address two cybersecurity issues; cyber incident response teams and Cyber Command funding.
Cyber Incident Response Teams
There is a brief, two paragraph discussion of National Guard Cyber Incident Response Teams on page 53 (Adobe 63) of the report. The concept discussed here is very broadly drawn, but appears to be somewhat similar to the ‘Cyber Warrior’ concept outlined in S 658 and HR 1640. The broad language includes the comment that:
“The Committee recognizes that the National Guard can fill the roles denoted in the President’s executive order. As dual use, cyber incident response teams, the Guard would focus on forensic analysis and defensive cyber operations, providing all purpose ‘‘triage’’ of local/state network incidents.”
There is one interesting comment here that might cause some consternation for the people who see black helicopters behind every tree. The closing comment states that these units “should be regionally located near established key infrastructure nodes for the internet to leverage their capabilities”. This is obviously (SARCASM ALERT) intended to allow the President to seize control of the internet.
The lack of specifics means that specific Congressional action will almost certainly be required before such teams are formed, but I would suspect that the National Guard Bureau will begin studying the concept.
Cyber Command Funding
Last year the Committee Report on HR 5856 included general language ‘suggesting’ that the Administration should “continue to refine what activities, budget lines, and programs should be considered cyber in order to better coordinate and track these budgets”. That was apparently not done to the satisfaction of the Committee so this year, on page 83 (Adobe 93) of the report they specify what section of the budgeting documents such information will be included:
“Funding for the United States Cyber Command, a subordinate unified command under the United States Strategic Command, currently is not discretely visible in the Air Force’s budget justification material. With the increased emphasis on cyber activities and related resourcing, the Committee directs [emphasis added] that beginning in fiscal year 2015, the Air Force’s budget justification material separately report and separately justify funds to support Cyber Command in sub-activity group 015A, ‘Combatant Commands Direct Mission Support’ and in sub-activity group 015B, ‘Combatant Command Core Operations’.”
As I mentioned yesterday, I suspect that this bill will be considered by the House next week under an open rule. I would not be surprised to see cybersecurity related amendments made from the floor.