House Cyber Panels NDAA Draft Prioritizes Commercial Tech, Expert Engagement
On Monday, the key House cybersecurity group released the proposed FY 2024 Homeland Defense Authorization Act, which outlines a series of steps to enhance the Department of Defense's internal strategy and leadership to drive their computer skills and enhance their development. Use of innovative technologies.
A bill from the House Armed Services Subcommittee on Cybersecurity, Information Technology, and Innovation, released Tuesday before the agenda, highlights the need to develop new testing programs, strategies, and research to advance adoption. of Next Generation Weapons and Products by the US Department of Defense. In addition to presenting a more comprehensive review of the Pentagon's cybersecurity initiatives.
Organizational change, innovation promotion efforts.
Among the group's legislative proposals are several attempts to restructure the Pentagon's governance and internal reporting structure to better interact with the commercial technology sector.
The bill specifically proposes that the director of defense innovation report directly to Secretary of Defense Lloyd Austin. Austin had previously announced in an April 4 memo that the DIU director would "report to, manage, and be controlled by the Secretary of Defense" rather than report to the Assistant Secretary of Defense for Research and Development.
Under the proposed legislation, Austin should review DIU staffing "to determine whether the staff is adequately staffed to achieve its objectives" and then submit a report to Congress outlining any plans to correct the situation within 180 days. to NDAA approval. Identification of lack of funds or personnel.
With a new focus on "commercial technology integration" at the Pentagon, the position of Assistant Secretary of Defense for Research and Development will be replaced by Assistant Secretary for Technological Integration and Innovation.
The commission's proposed NDAA provisions will create and expand innovation programs to help the Pentagon more easily implement new technologies.
The bill specifically establishes "the Department of Defense Advanced Quantum Computing Applications Testing Program" to coordinate with the quantum industry and launch the federally funded research and development center, or FFRDC. The regulation requires the legislature to adopt, by March 1, 2024, "a summary of the procedures and plans for selecting the FFRDC and establishing this pilot program," as well as annual reports "identifying the status and areas of concern." . pilot program". and analysis of the results of participation in the pilot program”.
In addition, the proposal calls for a nearly four-year extension of the Defense Department's National Pilot Investment Program under the Small Business Innovation Research Program to "expand contracts with potential investors."
Directs Defense Department officials to report to the House Armed Services Committee on the Pentagon's progress with its AI training strategy, as well as information service requirements to support the Pentagon's artificial intelligence and machine learning capabilities. department.
Additional research, workforce for IT initiatives
The group rule also calls for increased engagement between the Department of Defense and private sector cybersecurity experts, and the prioritization of work to identify potential cyber vulnerabilities in the Department and refine threat mitigation initiatives during a briefing by the Department. Pentagon for Department officials.
One of the provisions would be the creation of an "Office of Cyber Academic Engagement" - under the Department of Defense Director of Information - responsible for "establishing and maintaining academic relationships" at the Pentagon, including organizations involved in elementary, secondary and tertiary education.
The bill gives the Pentagon and its military services the legal authority to "provide voluntary and free services of civilian cybersecurity experts to train military personnel on technical matters." The regulation also "strengthens the legal framework" for the Marine Corps Cyber Assistant program, which provides a formal process for such volunteer service, allowing other units to create similar Cyber Assistant programs, the regulation says. .
In addition, the bill would require Defense Department officials to provide briefings and reports to the entire House Armed Services Committee and to Congress on various cybersecurity-related topics.
This includes having the CIO of the US Department of Defense tell the panel about the Pentagon's "loophole" in its bring-your-own-device, or BYOD, policy. While the law states that the department's BYOD programs will "provide secure communications to a broader range of employees," the current policy restrictions "will impact employees' ability to connect to critical internal systems to the point of impact." said. 5/ Controlled unclassified information.
The bill also states that the Department of Defense will use what it calls cyber red teams to "identify critical problems and enhance defense capabilities, and make decisions for cyber operations at the operational level." Lawmakers are concerned that by the end of the year, the Defense Department CIO will have to brief the entire committee to address the challenges facing these groups, including a lack of resources, personnel and "the need for automated capability to reduce the Workload". " Modernization teams and efforts are focused on "using cyber risk intelligence, risk modeling, automation, AI/machine learning capabilities, and data collection and correlation."
The Pentagon CIO is required to report to House committees on cybersecurity efforts to support the defense industry base, those efforts that are "exemplary or satisfactory, and those efforts that are underutilized or ineffective."
Department of Defense officials will brief the House and Senate Armed Services Committees on the Department's efforts to implement Zero Trust, including "deployment priorities and associated timelines" and how the Department can "best utilize forces of the National Guard and Reserve in cyberspace. . ."
