Defense Department

Defense bill emphasizes cyber operations

US Cyber Command logo

The National Defense Authorization Act could lead to an increase in the stature of the U.S. Cyber Command, currently subordinate to U.S. Strategic Command.

The Defense Department is taking more aggressive steps in cyberspace, including clearer authorities, more oversight and a key partnership to identify and address gaps, due to provisions in the National Defense Authorization Act for fiscal 2013.

Those provisions in the NDAA, which President Barack Obama signed into law on Jan. 2, require DOD officials to report on cyber operations to Congress on a quarterly basis, beginning March 1. It also outlines authorities and expectations for military forces in cyberspace.

‘‘The Secretary of Defense shall provide to the Committees on Armed Services of the House of Representatives and the Senate quarterly briefings on all offensive and significant defensive military operations in cyberspace carried out by the [DOD] during the immediately preceding quarter,” the NDAA text reads. It also orders the defense secretary to provide within 90 days “a briefing on the interagency process for coordinating and de-conflicting full-spectrum military cyber operations for the federal government,” as well as future cyber budgeting justification.

The NDAA text includes guidelines for faster reporting of network penetrations, as well as language that appears to open the door to elevating Cyber Command from a sub-unified command. Currently CYBERCOM is subordinate to U.S. Strategic Command, which is one of the military’s nine unified combatant commands. However, the Act's language is cautious: In a section titled "Sense of Congress on the United States Cyber Command," the Act notes that  "Congress expects to be briefed" on any proposed change to the command's status, including an outline of the expected benefits of the change and an estimate of the cost.  

Among the provided cyber authorities are clandestine operations and green lights for activities to, among other things, develop cyber weapons systems. There are details for implementing the much-discussed Joint Information Environment, as well as a next-generation, host-based DOD network defense.

That open-architecture, “plug-and-play” network defense system would need to be available for cloud environments as well as the battlefield, and would need to overcome shortfalls in current systems that “cannot address new or rapidly morphing threats; consume substantial amounts of communication capacity to remain current with known threats and to report current status; or consume substantial amounts of resources to store rapidly growing threat libraries.”

Additionally, the NDAA touches on better software security and more competition for acquiring large-scale data systems and tools.

To help DOD achieve the forward-looking cyber focus called for in the NDAA, science and technology also take on key roles, including research and development as well as workforce recruiting and training. The bill also directs the department to partner with the National Research Council for a full-scale review of specialized DOD programs science, technology, engineering, mathematics and management to meet evolving, high-tech and much-needed military skills.

The review will include an assessment of DOD’s needs for STEM professionals, an analysis of resources to find them, the need and costs for existing and potential in-house STEM-focused educational institutions and recommendations for identifying, managing and sourcing to meet DOD needs.

“The conferees recognize that fostering and increasing the science, technology, engineering, mathematics, and technology management skills of the DOD workforce is an ongoing challenge,” notes in the bill stated. “The conferees look forward to discussing these challenges with the department as the terms of reference for this effort are developed.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group