Yesterday the House passed what was in effect the conference bill for the FY 2014 National Defense Authorization Act as an amendment to the previously passed HR 3404, a completely unrelated bill dealing with Medal of Honor awards. The actual bipartisan vote (350-69) was on H Res 441. The GPO does not yet have the actual language of either HR 3404 or H Res 441 available, but the House Armed Services Committee does have both a Committee Print of the amended language and the obligatory (as if it were actually a conference report) Explanatory Notes on its web site.
The verbiage of the adopted amendment is an amalgam of the House passed bill (HR 1960) and the Senate Armed Services Committee (S 1197; the whole Senate never could finish their consideration of the bill) put together by the leadership (Chairmen and Ranking Members, or more accurately their staffs) of the respective Armed Forces Committees.
The odd provision addressing the amendment of 15 USC 2602(2)(B)(v) to expand the TSCA firearms exemption has been removed from the NDAA (see page 49 of the Explanatory Notes).
There were a number of cyber related provisions in both the Senate and House bills and all were adopted to some extent in the final bill. There is a lengthy discussion (pages 137-145 of the Explanatory Notes) about the changes made in the various provisions in adopted version of the bill.
For the private sector one of those provisions is more than a little interesting. The House bill had a provision (§938) that would have required DOD to to establish an outreach and education program to assist small businesses to help them understand the cyber threat, and develop plans to protect their intellectual property and networks. There was not a similar provision in the Senate bill. The provision was included with some modifications in the current bill. This is how the Explanatory Notes (pg 141) explains the changes:
“We recognize the challenges faced by industry, especially small businesses, when it comes to understanding and defending against advanced cyber threats. There are a number of initiatives and mechanisms within the Department that address aspects of this challenge, such as the Defense Industrial Base Information Assurance/Cyber Security program. Because these other efforts exist, we believe that new programs are not needed. We believe, though, that inadequate attention has been paid to effectively coordinate those initiatives, focus them on supporting the needs of small businesses, or attempt to measure the strategic effectiveness of those programs.”
The revised version of HR 3404 will now go to the Senate for consideration, where it will likely pass with bipartisan support. I suspect that it will be adopted under the ‘without objections’ provision so as to avoid debate and amendment. If the bill is not adopted under such provisions it will not be able to be considered by the House until they come back to Washington in January (unless of course special provisions are made, unlikely).