Last month Rep. Visclosky (D,NJ) introduced HR 2968,
the Department of Defense Appropriations Act, 2020, and the House Appropriations
Committee published their Report
on the bill. There is no significant cybersecurity language in the bill itself,
but the Report includes some interesting congressional directives on cyber
operations and cybersecurity.
Cyber Operations
Congress continues to be concerned about workforce
development issues related to cyber operations. The Committee discusses (pg 14)
the option of identifying cybersecurity students for DOD cyber positions before
graduation so that DOD can begin the security clearance application process
before graduates are actually hired. This process could also help companies
that do business with DOD in their graduate hiring process.
The Committee would also like to see (pg 30) DOD diversify
their cybersecurity workforce by working with historically black colleges and
universities and other minority focused educational institutions to develop
cybersecurity graduates.
Congress has also bought into the latest cyber operations
buzz phrase ‘persistent cyber engagement’ (a non-technical article here).
The report acknowledges work by the Air Force Research Laboratory and states (pg 281): “The Committee encourages the
Secretary of the Air Force and the Commander of U.S. Cyber Command to continue
and enhance efforts to support persistent cyber engagement.”
Finally, the Committee addressed support for cyber and
electronic warfare technology for the dismounted soldier; this would allow for ‘situational
awareness and force protection’ for individual soldiers on the battlefield. The
Committee recommends that the Army “continue to develop sensors and prototyping
efforts for a lightweight, low-power device that can perform cyber and
electronic warfare” (pg 242) support for soldiers on the battlefield.
Cybersecurity
There are two separate discussions about cybersecurity
issues in the Report. The first (pg 154) is more about physical security; it addresses
current efforts by the Army to enhance security at installation entry points by
the increased use of technology and artificial intelligence to monitor and
control traffic flow into installations. The Committee recommends expanding the
“technology deployments to the largest Army installations that could benefit
from these operational improvements”.
The second cybersecurity topic relates to ‘additive
manufacturing’ (3D printing). The security of this particular type of
industrial control system is becoming more important as the defense industrial
base begins to use this technology for the manufacture of critical components
of aircraft and weapon systems. The report notes (pg 264) that:
“The Committee supports the
development of digital protection of additive manufacturing equipment which is
critical to securing future additive manufacturing capabilities for operational
requirements. Protecting and securing these essential capabilities will ensure future
capabilities.”
Moving Forward
This is a key spending bill that will move forward in the
House, probably this month. It currently looks like there will be only minimal
bipartisan support for the bill. The Minority Views section of the report (pgs
429 – 431) outline the areas where Republicans on the Committee take objection
to the bill. Probably the biggest block to bipartisan support are provisions in
the bill that would repeal the 2001 authorization for the use of military force
that provide Congressional authorization for military actions in Afghanistan
and Iraq, and obliquely support military activities against terrorist
activities in other countries in the Middle East and Africa. While this will
certainly not stop passage of the bill in the House it will pose a major
impediment to conference bill development after the Senate passes their own
version of the DOD spending bill.
Commentary
Three of the topics mentioned above could have important
civilian applications. The development of AI augmented access control could
make large venue (including office buildings) security much more effective and
less intrusive. Hopefully the Army work in this area is taking cognizance of
the importance of the cybersecurity of the sensors, software and hardware
associated with this technology so that cybersecurity is built into the process
during development instead of having to be added on afterward. I am not going
to hold my breath, however.
Techniques used to protect the sensors and communications of
individual soldiers on the battlefield from enemy jamming and intrusion would
have direct civilian applications in security of portable electronic devices
including RFID equipped credit and identification cards. This is becoming an
increasingly important security issue.
Finally, cybersecurity protections for 3D printing equipment
is one of those palm-to-forehead ideas that needs serious consideration.
Hacking 3D printing equipment to change printing code would allow the
introduction of minute internal flaws in critical equipment. This could be used
by foreign competitors (I did not say China) to cause quality control issues
for US manufacturers that could keep them out of important world markets or
even a new method of ransomware attacks against manufacturing facilities.
I am happy to see the increasing level of technical sophistication
in this Committee Report. While some of this comes from DOD staffers working
with Committee Staff, it also reflects a recognition by congressional leaders
that there need to be more committee staffers with a technical background to
better understand these issues. Hopefully this increasing sophistication will
also be seen on more individual congresscritter staffs.
Posts
No comments:
Post a Comment