Congress

House drills in on NBIB shift, cyber in NDAA

US Congress House side Shutterstock photo ID: 156615524 By mdgn editorial use only 

House Democrats get to put their stamp on the annual bill authorizing defense programs for the first time in a long time.The first look at the House 2020 defense bill released June 3 comes from the Emerging Threats and Capabilities subcommittee and puts more oversight on the National Background Investigations Bureau’s move from the Office of Personnel Management to the Defense Department.

A House Armed Services Committee staffer told reporters during a media briefing June 3 that "saying there’s a transfer is different than how that all plays out in practice." The committee’s primary concerns are protecting civil liberties, such as privacy, and separating security and intelligence functions as the NBIB shifts to the Defense Security Service (soon to be the Defense Counterintelligence and Security Agency).

The draft of the subcommittee's legislation also emphasizes tightening cybersecurity of weapons and industrial control systems.

Multiple watchdog and internal reports found that DOD's weapons and other mission systems were riddled with cyber vulnerabilities. The committee hopes to remedy that by mandating evaluations of cyber vulnerabilities of each major weapon system by December 31 and requiring notification and justification for not meeting the deadline. The defense undersecretary for acquisition and sustainment would also have to report on mitigation efforts.

Additionally, DOD may have to be more accountable when it comes to endpoint security. The Committee noted in its draft direct reporting language that DOD "still lags the private sector in accounting for endpoints connected to the Department of Defense Information Network."

As a result, the committee directs the DOD CIO to submit a report by Feb. 1, 2020 on the implementation plan with a detailed assessment on progress made, challenges encountered when trying to account for endpoints connected to the DODIN, and an overview of how "comply-to-connect" and "continuous monitoring" relate to the overall cybersecurity strategy.

The draft bill mandates DOD submit a comprehensive report on the Defense Industrial Base’s cybersecurity efforts to defense committees by May 1, 2020.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.


Featured

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected