Intel act highlights cyber, STEM and Russia

More than half way through the fiscal year, Congress has passed the 2017 Intelligence Authorization Act, which emphasizes recruiting professionals in science, technology, engineering and math;  improving cybersecurity; and countering Russian influence operations.

The act calls on the Office of the Director of National Intelligence to draft a five-year investment strategy for outreach and recruiting of STEM professionals with an emphasis on cybersecurity and computer skills. Each intelligence agency is directed to develop similar investment plans.

The act also states that agencies may establish higher rates of pay for STEM personnel to assist in recruiting and retention. The DNI is further directed to "improve management of the workforce of the intelligence community," by enabling agencies "to build and maintain an appropriate mix between employees of the United States Government and core contractors."

The STEM provisions in the act highlight the fact that the federal government is taking seriously the need to have parity with the private sector in order to compete for talent, said Jonathan Clifford, director of national security for the Information Technology Alliance for the Public Sector (ITAPS).

"The intelligence community is no different and they need to attract the best workforce that they can, and this certainly gets at this problem," he told FCW.

The intelligence act goes on to direct the FBI to report to Congress on efforts to integrate IT expertise into the investigative process and assess "progress on initiatives to recruit, train, and retain personnel with the necessary skills and experiences in vital areas, including encryption, cryptography, and big data analytics."

The FBI is also to report on the quality and quantity of collaborations with the private sector on "cyber issues, including the status of efforts to benefit from employees with experience transitioning between the public and private sectors."

With Congress in the process of carrying out multiple investigations into Russia's efforts to influence the 2016 presidential election, the act creates a new interagency committee to counter Russian covert influence activities.

That committee will be led by the DNI, the attorney general, the FBI director and the secretaries of the Defense, State, Treasury and Energy departments.

The committee is tasked with countering "active measures by Russia to exert covert influence, including by exposing falsehoods, agents of influence, corruption, human rights abuses, terrorism, and assassinations carried out by the security services or political elites of the Russian Federation or their proxies."

The act also specifically calls for an evaluation of cybersecurity at U.S. seaports. It mandates that the director of the National Security Agency provide annual reports to Congress on national security systems, in particular what systems or components have been decertified but are still in use and systems that are known to be out of compliance.

Clifford said that has been an area of focus for ITAPS, and the alliance is pleased to see emphasis on addressing legacy systems in the legislation.

"It speaks to the seriousness with which IT modernization is viewed as a component of national security," he said.

The act's report produced by the House and Senate intelligence committees -- referred to as the "Agreement" -- details additional actions to be taken by the IC and the administration.

The president is directed to form an "independent, external panel of at least five individuals with significant intelligence and national security expertise to review ODNI's roles, missions and functions and make recommendations, as needed, regarding its authorities, organization and resources."

In addition, the secretary of Defense is directed to provide Congress with a briefing on the dual-hat leadership structure of the NSA and U.S. Cyber Command.

"The congressional intelligence committees further believe that a larger organizational review of NSA should be conducted with respect to the eventual termination of the dual-hatting relationship," states the Agreement, which adds that the evaluation needs to determine what steps would be necessary to transition NSA to a civilian-led agency.

The DNI is also directed to brief Congress "on options to better align the structure, budgetary procedures, and oversight of NSA with its national intelligence mission in the event of a termination of the dual-hatting relationship."

Additional provisions of the Agreement include an evaluation of measures to increase IC supply chain cybersecurity, including requiring "counterintelligence and security assessments as part of the acquisition and procurement process," and cyber education requirements for acquisition personnel.

ODNI is also required to brief Congress on "IC-wide efforts to share more [cyber threat indicators and defensive measures] with the Department of Homeland Security for further dissemination to the private sector."