House Panel Approves More Military Cyber Support for Critical infrastructure

A reflection of the Department of Homeland Security logo is seen reflected in the glasses of a cyber security analyst in the watch and warning center at the Department of Homeland Security's secretive cyber defense facility at Idaho National Laboratory.

A reflection of the Department of Homeland Security logo is seen reflected in the glasses of a cyber security analyst in the watch and warning center at the Department of Homeland Security's secretive cyber defense facility at Idaho National Laboratory. Mark J. Terrill/AP File Photo

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
Joseph Marks By Joseph Marks,
Senior Correspondent

By Joseph Marks

|

The pilot program would allow the Pentagon to lend cyber troops to the Homeland Security Department.

A House panel approved legislative language Wednesday that would make it easier for military cyber defenders to pitch in when U.S. critical infrastructure, such as hospitals and financial firms, are under attack.

The Homeland Security Department is the government’s lead agency during a domestic cyberattack but it lacks the broad cyber defense resources of the military. The pilot program would essentially allow the Secretary of Defense to lend cyber troops to Homeland Security to help shore up critical infrastructure.

The language was included in the emerging threats portion of the National Defense Authorization Act, an annual defense policy bill. House Armed Services Committee members approved the section on a voice vote but have yet to vote on the entire bill.

Downgrading DISA

The committee also approved language Wednesday that would transfer the Defense Department’s daily network protection duties from the Defense Information Systems Agency to U.S. Cyber Command, a significant blow for DISA.

The move is part of a broader effort by House Armed Services Chairman Mac Thornberry, R-Texas, to cut bureaucracy within so-called “fourth estate” Pentagon agencies that don’t report to any military service or command.

Because the National Defense Authorization Act is a must-pass bill, it’s traditionally a vehicle for numerous related and unrelated pieces of legislation that would be difficult to pass as stand-alone bills.

The Armed Service panel plans to work through Wednesday evening on roughly 400 amendments to the NDAA. Once the bill is approved by the committee it must still win approval on the House floor before being sent to a conference committee with the Senate.

Other approved portions of the NDAA would:

  • Urge the Pentagon to employ more bug bounties similar to the Hack the Pentagon program. The bill would also urge the Pentagon to rely on the Defense Digital Service, which managed Hack the Pentagon, for more of its digital vulnerability programs.
  • Require a study on creating cyber civil support teams in military reserve units. The teams would primarily operate under the control of state governors and help states prepare for cyberattacks and other emergencies.
  • Require more transparency from the Pentagon about how much money it spends on cyber vulnerability and mitigation work for major weapons systems.
  • Formalize a requirement for the Pentagon to notify Congress about breaches of personal information affecting troops or civilian Defense Department employees.
  • Require numerous reports and briefings on the international proliferation of autonomous digital weapons, including weapons that rely on artificial intelligence, the likely consequences of an “arms race” in cyber and autonomous weapons, and what the U.S. military is doing to protect itself from those weapons.  
  • Require a briefing on Defense Department efforts to counter adversary drones.

NEXT STORY: How Firefox is Moving Beyond Passwords