Last week Sen. Cochran (R,MS) introduced S 3000,
the Department of Defense Appropriations Act, 2017. As we have come to expect
with the DOD spending bill there is no specific mention of cybersecurity issues
in the bill itself, but there are numerous references found in the Senate
Appropriations Committee
report on the bill. Few of the references have any direct impact on the
industrial control system community, but operations of the largest cyber-active
organization in the country will inevitably have an influence on all cybersecurity
operations.
Cyber Defenses
With breaches of information systems being daily news the
Committee is directing DOD to (Pg 183) “to undertake a comprehensive review of
classified systems and systems that have PII information, and validate that
protection measures are in place to insure data integrity and appropriate
access” and report back to Congress with the results of the review.
Counterfeit Parts
The Committee continues to be concerned about the issue of
counterfeit electronic parts. While recognizing that suppliers have the primary
responsibility to prevent the use of these counterfeit parts, the Committee
wants DOD (pgs 32-3) “to be proactive about identifying, developing, and
validating independent tools that suppliers could easily use to rapidly identify
counterfeit electronics in the supply chain accurately and at low cost”.
Cyberwarfare Training
Training for the cyberwarfare force continues to be a matter
of concern for the Committee and the Report reflects this by identifying a
number of specific training issues that it wants to see DOD address. These
areas include
• Training shortfalls in the cyber
kinetic combat environment (pg 33);
• Expanding training to sites with
Active or Reserve components with secure infrastructure and qualified cyber
personnel, including aggressor units and cyber red team units, capable of
training military personnel in various cyber missions (pg 34); and
• Development of a competitive hacking environment
that includes the ability for participants to build novel working exploits and
defend against them (pg 34).
Cybersecurity Research
The Committee recognizes that building an effective
cyberwarfare force is going to require additional R&D efforts. The
Committee report identifies three specific areas that are of immediate concern
in the R&D realm:
• The interdisciplinary nature of
cyber systems including consideration of the role of human behavior (pg 160);
• Research in automated exploit
generation, exploit hardening, and vulnerability identification capabilities of
systems when source code is not available, and to focus on implementation,
integration, and software tooling (pg 183); and
• Support institutions with strong
cybersecurity, cyber-physical, and networks of systems research programs that
will develop methods to identify vulnerabilities in large networked systems,
rapidly prototype and build security prototypes and tools, and with
institutional capabilities to transfer basic research into Department of
Defense mission areas and platforms (pg 183).
UAS Defense
The Committee recognizes that the ubiquity of civilian and
military unmanned aerial systems (UAS) means that a wide variety of adversaries
are going to be able to deploy such devices against US forces. The Committee is
encouraging DOD (pg 168) to continue research and development of tactics using
radar systems, advanced communications, and cyber security technologies to
counter UAS threats.
Moving Forward
The Defense spending bill is one of the bills that the House
and Senate leadership would certainly want to see on the floor of both houses
before the summer recess in mid-July. The two separate bills would then be
combined in a conference committee with the desire to see final action before
the end of the fiscal year. This Senate bill may not be able to get to the
floor, however, because of Democratic concerns about increases in spending. If
it is held up, it will be interesting to see if Sen. McCain modifies the
spending levels in a subsequent bill in response to those concerns to move a
bill to the floor, or waits to try to push the issue forward after the
election.
Posts
No comments:
Post a Comment