The House Armed Services Cyber, Information Technologies, and Innovation subcommittee voted unanimously today to approve a tech-and cyber-focused legislative proposal within the National Defense Authorization Act (NDAA) for fiscal year (FY) 2024.
The approved proposal lays out several provisions to ensure the Department of Defense (DoD) enhances its cyber capabilities and drives the development and use of innovative technology.
“Today marks a moment of crucial consensus for our national defense, as we examine the cyber, information technologies, and innovation policies that will drive the [DoD] in Fiscal Year 2024,” Rep Mike Gallagher, R-Wis., chairman of the Subcommittee on Cyber, Innovative Technologies, and Information, written opening statement read.
The bill’s provisions include an emphasis on Defense leadership integrating commercial technology – not just developing it – improving the DoD’s cybersecurity posture through better visibility into networks and endpoints, developing metrics to measure the Department’s success at transitioning technologies, and hardening academic research security from intellectual property thieves.
“This mark is the starting place. In the weeks and months to come, we will continue to adapt and improve these policies to build a more resilient and capable military,” Rep. Gallagher said. “The future of conflict is here, and we must give our warfighters the authorities and capabilities necessary to win it. This mark begins doing just that.”
The full House Armed Services Committee plans to markup the FY24 NDAA in its entirety on June 21, including the tech and cyber provisions approved today.
Improving Pentagon Cyber Posture
The approved legislation included multiple cyber provisions to ensure that the DoD is well-postured to protect the department against growing threats, especially from adversarial nations like the Chinese Communist Party.
Several provisions emphasized the need for more engagement between the department, academia, and industry cybersecurity experts, including establishing an Academic Engagement Office for Cyber, which would develop and maintain DoD’s “relationship with academia, to include those entities involved in primary, secondary and post-secondary education.” This office would be under the authority of the DoD Chief Information Officer (CIO).
Another provision would give the military services legal authority to accept voluntary and uncompensated services – including training – from civilian cybersecurity experts.
The provision notes that this would solidify the legal basis for the U.S. Marine Corps Cyber Auxiliary program, which provides a formal process for voluntary services, “as well as enable the other military services to establish their own Cyber Auxiliary programs.”
Other cyber provisions include a directive for the DoD to provide the House Armed Services Committee and Congress with reports on several cyber-specific issues, such as how the DoD plans to scale the use of “Red Teams.”
The legislation also directs the DoD CIO to provide briefings on “existing gaps” in the Pentagon’s bring your own device policies, how the department can better utilize the National Guard and Reserve forces for cyberspace activities, and requiring the CIO to detail defense industrial base cybersecurity efforts and identify those that are underperforming.
Structural Changes, Scaling Innovation
In addition to cyber provisions, the approved legislation includes several efforts to restructure DoD management and internal reporting processes to better engage with the commercial technology sector.
One provision proposes renaming the Undersecretary of Defense for Research and Engineering position, currently held by Heidi Shyu, to Undersecretary of Defense for Technology Integration and Innovation. This change rescopes responsibilities under this title to focus on integrating commercial technology.
In addition, the undersecretary would be responsible for “establishing policies on, and supervising, all elements of the Department relating to the identification of commercial technology for potential use by the Department and integration of such technology into the armed forces [and the Department],” the legislation reads.
The undersecretary would also be responsible for promoting modular open system architecture approaches in acquisition to “encourage increased competition and the more frequent use of commercial technology within the Department,” it continues.
The bill also proposes codifying the elevation of the Director of Defense Innovation Unit (DIU) to report directly to the Secretary of Defense. In an April 4 memo, Defense Secretary Lloyd Austin previously announced that the DIU director would be “under the authority, direction, and control of the Secretary of Defense,” rather than reporting to the Undersecretary of Defense for Research and Engineering.
This restructuring means that Austin would be required to evaluate the DIU workforce and determine if DIU is “sufficiently staffed” and submit a report to Congress, within 180 days of the NDAA’s enactment, outlining a plan to remediate any identified funding or staffing shortfalls.
The approved legislation also includes provisions that would create and expand DoD innovative programs to help the Department more readily embrace emerging technologies. This includes a roughly four-year extension of the Department’s domestic investment pilot program under the Small Business Innovation Research program “to allow contracts to expand the pool of potential investors.”
In addition, the bill would establish a “new pilot program on near-term quantum applications,” which would require the DoD to work with a Federally funded research and development center (FFRDC) and the quantum industry “to identify near-term problems that could be solved with quantum computing.” Under this provision, the Department has until March 1, 2024, to brief lawmakers on the selected FFRDC “and the methodology and plan for establishing this pilot program.”
Under this legislation, DoD officials would also report to the full House Armed Services Committee on the implementation status of the DoD’s AI education strategy and the Department’s requirements for data services to support its AI and machine learning capabilities. The legislation also includes provisions requiring DoD officials to evaluate the DoD’s ability “to transition technology successfully.”
