The Senate Armed Services Committee wants to add new responsibilities to the Pentagon’s Principal Cyber Advisor as part of a broader effort to ensure cyber forces can meet new challenges.
The committee released a summary June 11 of the annual defense policy bill for fiscal year 2021. The bill, which passed the committee June 10, also adopts several recommendations made by the Cyberspace Solarium Commission, a bipartisan organization created in 2019 to develop a multipronged U.S. cyber strategy.
Among items the panel approved is giving the Principal Cyber Advisor more responsibility related to integration and coordination to ensure that DoD’s cyber policies are coherent and cohesive.
Here is a breakdown of other key cyber-related items in the bill:
The bill includes several provisions to improve the way DoD procures cyber equipment as well as to improve the Congressional oversight of those programs.
The solarium commission had recommended DoD write a report on the direction and control of budgets related to cyber forces. New language in the Senate committee’s version takes that recommendation and is aims at ensuring flexibility and agility to control acquisition.
U.S. Cyber Command more than doubled the amount of money it issued in defense contracts between fiscal years 2018 and 2019, according to figures provided in written testimony to Congress.
The bill also requires the Department of Defense to kick off pilot programs, demonstrations and/or plans in several areas. These include speed-based cybersecurity capability metrics to measure DoD performance and effectiveness, interoperability and automated orchestration of cybersecurity systems, addressing network timing and inconsistencies and integration of user activity monitoring and cybersecurity systems.
The draft bill also includes two provisions aimed changing how some cyber funds are spent. First, it authorizes increased funds for Air Force and Army operation and maintenance funds to provide the cyber mission force with additional resources to access, operate, and train as required by increased operational demands. Those increases are $25 million and $5 million, respectively.
Second, the bill allows Defense leaders to use these funds for rapid creation, testing and fielding of cyber capabilities to respond more quickly to threats.
This builds upon last year’s defense policy law that codified use of these funds for “rapid creation, testing, fielding, and operation of cyber capabilities that would be developed and used within the 1-year appropriation period.” The Air Force is already using these funds in this manner.
Off the bench
The bill includes several provisions focused on National Guard and Reserve cyber forces. DoD has typically thought of those teams as critical resources at the state, local and national level to augment the active duty force.
Specially, the Senate bill takes two recommendations from the solarium commission requiring DoD to conduct a review of National Guard responses to cyberattacks and an evaluation of cyber reserve force options to provide a surge capability.
The bill also authorizes a pilot program to prepare the Guard to provide cyber assistance remotely in the event of cyberattacks.
Assessing the force
The committee also takes aim at a couple of force structure issues. One recommendation from the solarium commission included requiring DoD to provide a force structure assessment in the quadrennial cyber posture review.
Solarium commissioners, and members of Congress, are concerned that U.S. Cyber Command’s cyber mission force might not be prepared to take on today’s threats.
U.S. Cyber Command’s cyber mission force consists of 133 offensive, support and defensive cyber teams. But during a March 4 hearing of the House Armed Services Committee, Rep. Jim Langevin, D-Rhode Island, used his opening statement to ask about Cyber Command’s staffing.
The bill also aims to help DoD better retain its cyber talent. Specifically, Senators want to give Cyber Command the same hiring authority for technical talent as the Defense Advanced Research Projects Agency, Strategic Capabilities Office or the Joint Artificial Intelligence Center. This will allow Cyber Command to offer more competitive pay.
Additionally, the bill requires a provision requiring more regular updates to Congress on cyber operations while also requiring an assessment of gaps between the cyber mission force and cybersecurity service providers.
The Senate panel’s bill will next head to the full Senate before being reconciled with the House version. The House Armed Services will mark up its version June 22.