What the latest defense bill has to say about cyber

secure network (vs148/

The next defense spending bill could have a slew of new cyber provisions aimed at streamlining the Defense Department’s collaboration with the rest of government regarding cyber threats.

The House Armed Services Committee's Subcommittee on Emerging Threats and Capabilities released a markup of the 2019 National Defense Authorization Act on April 26 that includes a range of cyber provisions and recommendations focusing on expanding cyber forces, protecting critical infrastructure and consolidating cyber responsibilities.

Key provisions include:

Studying state cyber teams. The markup calls for Departments of Defense and Homeland Seucurity to jointly study and report on the viability of a cyber civil support teams in each state. Teams would include members of the military’s reserve components and serve under state governors’ command and control “to prepare for and respond to cyber incidents, cyber emergencies, and cyber attacks.”

Protecting critical infrastructure with more hackathons. The Defense Digital Service would be included in a pilot program to facilitate collaboration by having the DOD provide technical personnel to DHS and unify government efforts regarding critical infrastructure protection against cyber threats. The committee noted DDS’ past success with the “Hack the Pentagon” program and cited expanding the use of bug bounty programs as reason to add the agency to the pilot.

Boosting breach notification requirements. DOD would have to “promptly” notify congressional oversight committees following any breach that involved “a significant loss of personally identifiable information of civilian or uniformed members of the Armed Forces in classified or unclassified formats.”

Prioritizing tech needs at DOD installations. The committee recommended the Defense Innovation Unit Experimental prioritize critical technological needs at DOD installations and “invest in the rapid insertion of innovative installation capabilities.” DIUx’s director would be required to brief the House Armed Services Committee on this work by Oct. 1.

Fully integrating DIUx’s Silicon Valley vibe into defense labs. DOD’s laboratories should have a tighter relationship with innovation hubs, such as DIUx, the Strategic Capabilities Office and the Defense Advanced Research Projects Agency. The Defense undersecretary for research and engineering would have to brief the HASC by Oct. 1 with a plan and timeline on increasing labs’ reach in commercial innovation spaces. 

Mapping cyber vulnerabilities in weapons systems. The defense secretary would need to provide a “consolidated display for cyber vulnerability evaluations and mitigation activities for each major weapon system beginning in fiscal year 2021,” including each system’s status, funding requirements and planned activities descriptions.

Cyber Command absorbing (some of) DISA’s responsibilities. The U.S. Cyber Commander would take over the Defense Information Systems Agency commander’s responsibilities pertaining to protection of the Joint Force Headquarters-DOD’s information networks (DODIN) by Sept. 30, according to the provision. FCW previously reported on the proposed slow transfer of DISA’s purview to Cyber Command.

The markup will be considered by the full committee on May 9.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.