Cyber defense gets more prominent role -- with clearer authorities and greater oversight -- under National Defense Authorization Act for 2013.
The National Defense Authorization Act could lead to an increase in the stature of the U.S. Cyber Command, currently subordinate to U.S. Strategic Command.
The Defense Department is taking more aggressive steps in cyberspace, including clearer authorities, more oversight and a key partnership to identify and address gaps, due to provisions in the National Defense Authorization Act for fiscal 2013.
Those provisions in the NDAA, which President Barack Obama signed into law on Jan. 2, require DOD officials to report on cyber operations to Congress on a quarterly basis, beginning March 1. It also outlines authorities and expectations for military forces in cyberspace.
‘‘The Secretary of Defense shall provide to the Committees on Armed Services of the House of Representatives and the Senate quarterly briefings on all offensive and significant defensive military operations in cyberspace carried out by the [DOD] during the immediately preceding quarter,” the NDAA text reads. It also orders the defense secretary to provide within 90 days “a briefing on the interagency process for coordinating and de-conflicting full-spectrum military cyber operations for the federal government,” as well as future cyber budgeting justification.
The NDAA text includes guidelines for faster reporting of network penetrations, as well as language that appears to open the door to elevating Cyber Command from a sub-unified command. Currently CYBERCOM is subordinate to U.S. Strategic Command, which is one of the military’s nine unified combatant commands. However, the Act's language is cautious: In a section titled "Sense of Congress on the United States Cyber Command," the Act notes that "Congress expects to be briefed" on any proposed change to the command's status, including an outline of the expected benefits of the change and an estimate of the cost.
Among the provided cyber authorities are clandestine operations and green lights for activities to, among other things, develop cyber weapons systems. There are details for implementing the much-discussed Joint Information Environment, as well as a next-generation, host-based DOD network defense.
That open-architecture, “plug-and-play” network defense system would need to be available for cloud environments as well as the battlefield, and would need to overcome shortfalls in current systems that “cannot address new or rapidly morphing threats; consume substantial amounts of communication capacity to remain current with known threats and to report current status; or consume substantial amounts of resources to store rapidly growing threat libraries.”
Additionally, the NDAA touches on better software security and more competition for acquiring large-scale data systems and tools.
To help DOD achieve the forward-looking cyber focus called for in the NDAA, science and technology also take on key roles, including research and development as well as workforce recruiting and training. The bill also directs the department to partner with the National Research Council for a full-scale review of specialized DOD programs science, technology, engineering, mathematics and management to meet evolving, high-tech and much-needed military skills.
The review will include an assessment of DOD’s needs for STEM professionals, an analysis of resources to find them, the need and costs for existing and potential in-house STEM-focused educational institutions and recommendations for identifying, managing and sourcing to meet DOD needs.
“The conferees recognize that fostering and increasing the science, technology, engineering, mathematics, and technology management skills of the DOD workforce is an ongoing challenge,” notes in the bill stated. “The conferees look forward to discussing these challenges with the department as the terms of reference for this effort are developed.”