A House Armed Services Committee (HASC) panel approved its markup April 26 of a defense authorization bill, with wide-ranging cyber directives for Pentagon officials to bolster artificial intelligence (AI) oversight and cyber partnership engagement.
Lawmakers on the Emerging Threats and Capabilities subcommittee unanimously agreed to send its portion of the FY ’19 National Defense Authorization Act to the full committee, including provisions for expanding Defense Department cyber support to the Department of Homeland Security’s efforts to protect critical infrastructure from cyber attacks.
“Our subcommittee is responsible for many vital national security interests, and this mark includes many recommendations and initiatives to advance emerging technologies, strengthen our cyber warfare capabilities,” Subcommittee Chair Rep. Elise Stefanik (R-N.Y.) said during the markup. “Our mark better organizes the Department of Defense to oversee, accelerate and integrate artificial intelligence and machine learning across the defense enterprise.”
The bill calls on DoD’s Under Secretary of Research and Engineering to establish and lead an Artificial Intelligence and Machine Learning Policy and Oversight Council to oversee the research and policy behind future automated capability initiatives.
“As we looked at this, there are some 500-plus AI projects, activities, programs, and there isn’t necessarily a policy direction where it’s all headed. So this directs DoD to look at an AI strategy,” committee staff told reporters during an April 25 briefing.
To drive this policy-focused approach to AI, the Secretary of Defense would have 180 days to assess DoD’s current AI capabilities and brief Congress on advances that the department must make to stay ahead of adversaries’ technological development.
After a recent push from the Senate Armed Services Committee for top Pentagon cyber leadership to increase efforts to assist DHS with critical infrastructure protection, HASC lawmakers included provisions in their mark for a pilot program to boost DoD personnel for domestic cyber support.
The subcommittee’s mark asks DHS and DoD officials to consider using reserve forces for “cyber civil support teams” to respond to cyber incidents directed at critical infrastructure.
“The mark strengthens our whole-of-government cyber security posture by establishing a pilot program that allows for improved coordination between the Departments of Defense and Homeland Security to prevent and respond to cyber attacks against our critical infrastructure,” Stefanik said.
The Secretary of Defense would also be authorized to transfer a greater number of technical personnel to DHS to bolster cooperation on infrastructure security efforts, including improving election resiliency.
Committee staff told sister publication Defense Daily the directive is to improve DoD and DHS’ coordination on domestic critical infrastructure initiatives in the face of growing adversarial cyber threats, while forming a policy framework for how to respond to future threats.
“It’s about having a common operating picture, developing relationships, enhancing relationships, having DoD personnel that have a lot of critical cyber security and defense skill sets co-located and sitting side by side,” committee staff said.
Lawmakers are also calling for improved cyber engagement on the international level, authorizing DoD to provide funds to support NATO’s Cooperative Cyber Defense Center of Excellence (CCD COE) in Estonia. The mark also directs the Secretary of Defense to appoint an official as an executive agent for CCD COE to assist with coordinating participating on future cyber exercises.
The subcommittee’s mark establishes more defined procedures for officials report DoD breaches, while providing more support for pilot programs such as “Hack the Pentagon” to assist with rapidly identifying network vulnerabilities.
“The committee notes the success of the Defense Digital Service’s ‘Hack the Pentagon’ program, and encourages the Department to use this or similar DDS activities to more rapidly and effectively improve the cyber security of government owned and operated facilities,” the subcommittee wrote in its summary of the markup.
DoD officials are also required under the bill to adjust procedures for securing the cyber security of the Pentagon’s network and its weapons systems.
Responsibility for the DoD Information Network is currently split between the Defense Information Systems Agency and U.S. Cyber Command. The subcommittee’s bill would move all command and control and cyber defense of the network over to Cyber Command.
The move follows HASC Chairman Mac Thornberry’s (R-Texas) recently proposed bill to eliminate DISA.
DoD officials would now also have to submit evaluations of cyber vulnerabilities in its weapons systems and mitigations plans beginning in FY 2021.
“They’re identifying solutions, which will definitely in the long run cost money whether it’s through each individual program or hardening of cyber capabilities with that particular weapon system or even broader with network defense,” committee staff told reporters.
HASC is expected to take up its mark of the FY ’19 NDAA in May.