House panel advances NDAA with labor protections, spectrum rules

The House Armed Services Committee unanimously passed its version of the 2021 National Defense Authorization Act; tech provisions include spectrum sharing restrictions targeting Ligado 5G networks and new artificial intelligence initiatives.


The House Armed Services Committee unanimously passed its version of the 2021 National Defense Authorization Act with a slew of tech provisions, including a limited ban targeting Ligado 5G networks, new artificial intelligence initiatives, and more cybersecurity oversight. But collective bargaining protections for DOD employees were also highlighted.

Defense employees gained labor protections with an amendment by Rep. Donald Norcross (D-N.J.) that prohibits funds authorized by the bill from being used to exclude DOD employees from collective bargaining.

The provision blocks authority the White House gave to the defense secretary earlier this year to exclude civilian defense workers from the Federal Service Labor-Management Relations law.

Ligado ban prevails plus more hardware supply chain scrutiny

The HASC passed a provision that would ban the Defense Department from contracting with companies using spectrum frequencies that could interfere with its Global Positioning Systems signals. The amendment, sponsored by Rep. Michael Turner (R-Ohio), applies to new and existing contracts and can only be waived after the defense secretary "has certified to the congressional defense committees that such operations do not cause harmful interference to a Global Positioning System device of the Department of Defense," the language states.

A separate amendment adds to increased scrutiny on tech hardware supply chains. Rep. Vicky Hartzler (R-Mo.) submitted an amendment focused on microelectronics, requiring printed circuit board contractors and subcontractors to certify that components can be made in the U.S. and certain foreign countries. This amendment would require defense contractors to be able to certify 50% of DOD's circuit board needs by covered suppliers starting in 2023. That number increases to a 75% minimum in fiscal 2028. By 2033, suppliers in covered countries will have to meet all of DOD's requirements for printed circuit boards. The amendment does include waivers and exceptions, for example, when there are no significant national security risks and the contractor is otherwise cyber-compliant.

Increased oversight of cyber vulnerabilities

The Defense Department's cybersecurity practices, particularly its new unified standard for contractors, got special attention in the bill, which mandates new cybersecurity vulnerability reports by the Government Accountability Office: one focusing on DOD's cyber hygiene and Cybersecurity Maturity Model Framework, and another on breaches and cyber incidents on DOD's networks since 2015.

The committee worries that DOD hasn't sufficiently implemented cyber hygiene practices across its own enterprise "yet it plans to require private sector companies to implement cyber hygiene practices through the Cybersecurity Maturity Model Certification framework," wrote Rep. Chrissy Houlahan (D-Pa.), who offered the provisions.

CMMC also gets more attention with a reporting requirement on how the Defense Department, the program's accrediting body, and third-party assessors will protect companies' proprietary information.

Another amendment provides grant assistance for small manufacturers with cybersecurity services needed to comply with DOD's cybersecurity requirements in both the Federal Acquisition Regulation and CMMC. Funds, which can be used to get trained third-party help, are subject to the availability of appropriations and overseen by the defense secretary and NIST.

Can AI thwart adversarial capital and enhance HR abilities?

Ellen Lord, DOD's chief buyer, has been vocal about potentially malicious foreign investments, particularly with shell companies that first appear to be American. Added language asks DOD to look at adding an AI solution to help sift through defense contractors and other companies looking to work with the department. The tech would have to be able to distinguish "organizations or individuals that hide ownership or investments in companies that contract with the Department of Defense for critical technology." The DIU director would have to report on the matter by April 30, 2021.

The House panel's plan includes a provision that requires DOD to create and implement a program to train HR personnel, civilian and military, in software development, data science, and AI if they are responsible for hiring in those fields. Another provision encourages self-directed AI training by mandating the defense secretary provide a list of available courses for DOD personnel. Those who complete training (off the clock) can be rewarded with additional leave.

The bill also creates a presidential National Artificial Intelligence Advisory Initiative to spur and focus federal government investment in the technology. The initiative, which involves agency and department heads across government, would get its own office and interagency committee and help develop, examine, and implement plans to promote research, educational programs (including K-12), and public sector infrastructure needed to respond to economic and public health emergencies. Rep. Kendra Horn (D-Okla.) submitted the amendment.

IT infrastructure woes

The Air Force Academy needs to upgrade its legacy IT infrastructure but has been delayed due to pandemic social distancing requirements and "unique requirements not supported by existing Air Force IT enterprise services." Rep. Don Bacon (R-Neb.) added reporting language for a Dec. 1 briefing on how the Air Force plans to complete its modernization and long-term sustainment.

Rep. Anthony Brown (D-Md.) also submitted reporting language that requires the defense secretary to provide an update, by Feb. 1, 2021, on the Defense Information Systems Agency's ongoing consolidation effort called the Fourth Estate Network Optimization, which involves moving defense agencies and activities to IT services on a single service provider environment.