House drills in on NBIB shift, cyber in NDAA

US Congress House side Shutterstock photo ID: 156615524 By mdgn editorial use only 

House Democrats get to put their stamp on the annual bill authorizing defense programs for the first time in a long time.The first look at the House 2020 defense bill released June 3 comes from the Emerging Threats and Capabilities subcommittee and puts more oversight on the National Background Investigations Bureau’s move from the Office of Personnel Management to the Defense Department.

A House Armed Services Committee staffer told reporters during a media briefing June 3 that "saying there’s a transfer is different than how that all plays out in practice." The committee’s primary concerns are protecting civil liberties, such as privacy, and separating security and intelligence functions as the NBIB shifts to the Defense Security Service (soon to be the Defense Counterintelligence and Security Agency).

The draft of the subcommittee's legislation also emphasizes tightening cybersecurity of weapons and industrial control systems.

Multiple watchdog and internal reports found that DOD's weapons and other mission systems were riddled with cyber vulnerabilities. The committee hopes to remedy that by mandating evaluations of cyber vulnerabilities of each major weapon system by December 31 and requiring notification and justification for not meeting the deadline. The defense undersecretary for acquisition and sustainment would also have to report on mitigation efforts.

Additionally, DOD may have to be more accountable when it comes to endpoint security. The Committee noted in its draft direct reporting language that DOD "still lags the private sector in accounting for endpoints connected to the Department of Defense Information Network."

As a result, the committee directs the DOD CIO to submit a report by Feb. 1, 2020 on the implementation plan with a detailed assessment on progress made, challenges encountered when trying to account for endpoints connected to the DODIN, and an overview of how "comply-to-connect" and "continuous monitoring" relate to the overall cybersecurity strategy.

The draft bill mandates DOD submit a comprehensive report on the Defense Industrial Base’s cybersecurity efforts to defense committees by May 1, 2020.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.