Sunday, May 20, 2018

HR 5515 Reported in House – FY 2019 NDAA

Earlier this month Rep. Thornberry (R,TX) introduced HR 5515, the National Defense Authorization Act for FY 2019. The bill has been marked up by the House Armed Services Committee and its subcommittees, and the Committee Report on the bill has been published. As is to be expected, the bill contains a number of cyber provisions, some of which may be of specific interest to members of the cybersecurity community.

The major cyber provisions in the bill are found in Subtitle C of Title XVI. They include:

• §1631. Amendments to pilot program regarding cyber vulnerabilities of Department of Defense critical infrastructure.
• §1632. Budget display for cyber vulnerability evaluations and mitigation activities for major weapon systems of the Department of Defense.
• §1633. Transfer of responsibility for the Department of Defense Information Network to United States Cyber Command.
• §1634. Pilot program authority to enhance cybersecurity and resiliency of critical infrastructure. (pg 754)
• §1635. Pilot program on regional cyber security training center for the Army National Guard. (pg 756)
• §1636. Procedures and reporting requirement on cybersecurity breaches and loss of personally identifiable information.
• §1637. Cyber institutes at the senior military colleges.
• §1638. Study and report on reserve component cyber civil support teams. (pg 763)

Cybersecurity Provisions


Three of the sections mentioned above may be of interest to the cybersecurity community.

Section 1634 would authorize DOD to detail up to 50 cybersecurity technical personnel to assist DHS. While the DOD assistance is specifically targeted at supplementing the operations of the National Cybersecurity and Communications Integration Center (NCCIC), the support authority would extend to other DHS operations as well. This authority is for a ‘pilot program’ that would expire on September 30th, 2020.

Section 1635 would authorize the Department of the Army to establish a pilot training center for National Guard cyber protection teams and cyber network defense teams. The goal would be to establish common training standards to allow these teams to defend {§1635(c)(1)(A)}:

• The information network of the Department of Defense in a State environment;
• While acting under title 10, United States Code, the information networks of State governments; and
• Critical infrastructure.

The pilot program would include activities that would {§1635(d)}:

• Provide joint education and training and accelerate training certifications for working in a cyber range;
• Integrate education and training between the National Guard, law enforcement, and emergency medical and fire first responders;
• Provide a program to continuously train the cyber network defense teams to not only defend the information network of the DOD, but to also provide education and training on how to use defense capabilities of the team in a State environment; and
• Develop curriculum and educate the National Guard on the different missions carried out under titles 10 and 32, United States Code, in order to enhance interagency coordination and create a common operating picture.

Section 1638 would require DOD to conduct a study “on the feasibility, advisability, and necessity of the establishment of reserve component cyber civil support teams for each State” {§1638(a)}. The section provides a comprehensive list of requirements for the study that specifically includes {§1638(b)}:

• An examination of the potential ability of the teams referred to in such subsection to respond to an attack, natural disaster, or other large-scale incident affecting computer networks, electronics, or cyber capabilities;
• An analysis of State and local civilian and private sector cyber response capabilities and services, including an identification of any gaps in such capabilities and services; and
• Any effects on the privacy and civil liberties of United States persons that may result from the establishment of such teams.

The study would also be required to look at how the establishment of such teams would affect the operations of DOD cyber mission forces and DHS cyber incident response activities.

Moving Forward


As I reported last week, the House Rules Committee announced that they were taking potential amendments to HR 5515. Those amendments were supposed to have been submitted by last Thursday. The Committee web site lists 564 amendments that have been submitted. Some of the amendments that may be of interest include:

• 55: Requires the Secretary of Defense to provide Congress a report on malicious cyber activities against the DOD systems within the past 24 months by the Russian Federation.
• 78: Establishes the DOD Cyber Institute to serve as the principal Department entity for facilitating cyber cooperation between the Department and outside entities, including industry, academia, and other government organizations.
• 179: Directs the Secretary of Defense to develop plans for early detection, mitigation, and defense against state sponsored cyberattacks targeting federal public election assets, election administrators, election workers, or voter engagement efforts.
• 189: Seeks a report on the feasibility of the DOD developing a cybersecurity apprentice program that provides on the job training for certain cybersecurity positions and in support of acquisition of cybersecurity certifications.
• 337: Contains the Coast Guard Authorization Act of 2017.
• 405: Directs the Secretary of Defense, in consultation with the Hollings Manufacturing Extension Partnership (MEP) and the Office of Small Business Programs, to establish a pilot program to extend the sharing of cyber threat information to contractors, including small and medium-sized manufacturers, who otherwise do not have appropriate security clearance.
• 436: Prohibits the use of funds for cyber collaborations with China and Russia.
• 558 (Late): Supports state-led efforts to enhance cybersecurity by establishing a 5-year pilot program of National Guard cyber civil support teams in 10 states.
• 563 (Late): Amendment directs Secretary of Defense to develop effective countermeasures for cyber weapons developed for offensive purposes.

The Rules Committee will meet on Monday to set the general debate rule for this bill and then again on Tuesday to determine what amendments will be authorized to be considered on the floor of the House. The House will take up the bill this week and will almost certainly pass it with some level of bipartisan support.

The Senate Armed Services Committee will finish marking up their version of this bill this week. The two versions will not be the same and will almost certainly require a conference committee to work out the differences between the two bills.
