NDAA recommendations include more oversight of secretive DoD activities

A House panel wants the Defense Department to notify Congress when cyber attacks are made and new cyber weapons are developed. It also wants to be notified of...

Congress wants to keep a closer eye on the Defense Department’s more secretive activities.

A House panel is recommending more stringent reporting on cyber activities and counterterrorism policy changes, along with $68 billion in funding for portfolios ranging from special operations to cyber to science and technology.

One of the bigger changes requires more stringent reporting of sensitive cyber operations and the use of cyber weapons. The recommendation from the House Armed Services’ Emerging Threats and Capabilities Subcommittee for the 2018 defense authorization bill asks DoD to promptly notify Congress when a cyber operation is conducted and when a new cyber weapon is developed.

“As cyber warfare capabilities are maturing and more emphasis points are being placed on that as a need for the department to develop those skills and our adversaries are becoming more advanced, [this provision] is a maturation in that sense to ensure that the notification pieces, the oversight mechanisms are all in place,” a House Armed Services Committee aide said during a June 20 briefing.

Cyber isn’t the only area where the subcommittee wants more oversight.

Congress wants to be briefed on any changes to counterterrorism policy within 30 days as well. That explicitly includes changes in procedures for direct action against terrorist targets.

Committee aides stressed the changes to both cyber and counterterrorism policy were not based in anything DoD did wrong in its information sharing with Congress.

That’s especially the case with cyber reporting, which has grown over the past few years.

“This is a maturation process and just like the committee tackled the issue of elevation, this is sort of a natural progression of things that we’ve done over the last couple of years. The fact that [U.S.] Cyber Command and the department have matured means they can be a little more granular on the level of detail they provide us on those operations,” one aide said.

The subcommittee is asking for other information on DoD’s cyber dealings. It wants the defense secretary to assess the current defense acquisition rules regarding cybersecurity and incident reporting to ensure they are conducive to small businesses and nontraditional defense businesses. The assessment will make sure the rules are effective for small businesses and identifies issues companies have with reporting requirements.

The subcommittee set its sights on cloud computing as well. The bill language asks DoD to leverage lessons learned by the military services on cloud computing regarding security, capabilities and criteria to determine if commercial, government or hybrid clouds are appropriate.

Other requirements include an assessment of cyber training and a briefing on plans to incorporate digital rights management in DoD networks.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories