Sunday, June 2, 2019

HR 2968 Introduced – FY 2020 DOD Spending

Last month Rep. Visclosky (D,NJ) introduced HR 2968, the Department of Defense Appropriations Act, 2020, and the House Appropriations Committee published their Report on the bill. There is no significant cybersecurity language in the bill itself, but the Report includes some interesting congressional directives on cyber operations and cybersecurity.

Cyber Operations

Congress continues to be concerned about workforce development issues related to cyber operations. The Committee discusses (pg 14) the option of identifying cybersecurity students for DOD cyber positions before graduation so that DOD can begin the security clearance application process before graduates are actually hired. This process could also help companies that do business with DOD in their graduate hiring process.

The Committee would also like to see (pg 30) DOD diversify their cybersecurity workforce by working with historically black colleges and universities and other minority focused educational institutions to develop cybersecurity graduates.

Congress has also bought into the latest cyber operations buzz phrase ‘persistent cyber engagement’ (a non-technical article here). The report acknowledges work by the Air Force Research Laboratory and  states (pg 281): “The Committee encourages the Secretary of the Air Force and the Commander of U.S. Cyber Command to continue and enhance efforts to support persistent cyber engagement.”

Finally, the Committee addressed support for cyber and electronic warfare technology for the dismounted soldier; this would allow for ‘situational awareness and force protection’ for individual soldiers on the battlefield. The Committee recommends that the Army “continue to develop sensors and prototyping efforts for a lightweight, low-power device that can perform cyber and electronic warfare” (pg 242) support for soldiers on the battlefield.


There are two separate discussions about cybersecurity issues in the Report. The first (pg 154) is more about physical security; it addresses current efforts by the Army to enhance security at installation entry points by the increased use of technology and artificial intelligence to monitor and control traffic flow into installations. The Committee recommends expanding the “technology deployments to the largest Army installations that could benefit from these operational improvements”.

The second cybersecurity topic relates to ‘additive manufacturing’ (3D printing). The security of this particular type of industrial control system is becoming more important as the defense industrial base begins to use this technology for the manufacture of critical components of aircraft and weapon systems. The report notes (pg 264) that:

“The Committee supports the development of digital protection of additive manufacturing equipment which is critical to securing future additive manufacturing capabilities for operational requirements. Protecting and securing these essential capabilities will ensure future capabilities.”

Moving Forward

This is a key spending bill that will move forward in the House, probably this month. It currently looks like there will be only minimal bipartisan support for the bill. The Minority Views section of the report (pgs 429 – 431) outline the areas where Republicans on the Committee take objection to the bill. Probably the biggest block to bipartisan support are provisions in the bill that would repeal the 2001 authorization for the use of military force that provide Congressional authorization for military actions in Afghanistan and Iraq, and obliquely support military activities against terrorist activities in other countries in the Middle East and Africa. While this will certainly not stop passage of the bill in the House it will pose a major impediment to conference bill development after the Senate passes their own version of the DOD spending bill.


Three of the topics mentioned above could have important civilian applications. The development of AI augmented access control could make large venue (including office buildings) security much more effective and less intrusive. Hopefully the Army work in this area is taking cognizance of the importance of the cybersecurity of the sensors, software and hardware associated with this technology so that cybersecurity is built into the process during development instead of having to be added on afterward. I am not going to hold my breath, however.

Techniques used to protect the sensors and communications of individual soldiers on the battlefield from enemy jamming and intrusion would have direct civilian applications in security of portable electronic devices including RFID equipped credit and identification cards. This is becoming an increasingly important security issue.

Finally, cybersecurity protections for 3D printing equipment is one of those palm-to-forehead ideas that needs serious consideration. Hacking 3D printing equipment to change printing code would allow the introduction of minute internal flaws in critical equipment. This could be used by foreign competitors (I did not say China) to cause quality control issues for US manufacturers that could keep them out of important world markets or even a new method of ransomware attacks against manufacturing facilities.

I am happy to see the increasing level of technical sophistication in this Committee Report. While some of this comes from DOD staffers working with Committee Staff, it also reflects a recognition by congressional leaders that there need to be more committee staffers with a technical background to better understand these issues. Hopefully this increasing sophistication will also be seen on more individual congresscritter staffs.

No comments:

/* Use this with templates/template-twocol.html */