Written by Billy Mitchell
The Senate Armed Services Committee on Wednesday presented its version of the annual Defense Policy Bill, authorizing $ 768 billion in defense spending that prioritizes modernizing the military’s IT and cybersecurity capabilities, including the approval of an additional $ 286 million in cyber spending across the department. of the defense.
The Senate’s decision to send the 2022 National Defense Authorization Act to the House Prosecutor’s Office came after the House Armed Services Committee submitted its own version of the bill earlier in September to voting on amendments. The Senate lead authorization would approve a $ 25 billion increase in spending over the president’s defense budget request, while the House lead would approve an additional $ 24 billion.
The annual NDAA does not provide funding but establishes a policy allowing DOD programs to spend money from separate defense credits.
“This bill is the most important bill we make every year, but the current crises we face make it more essential now,” said Senator Jim Inhofe, R-Okla., Of the NDAA of the Senate. “It is up to Congress to ensure that our troops and their families have the tools, capabilities, training and resources to defend our country against these very real and very serious threats. That’s why this year’s bill increases defense spending by $ 25 billion above the president’s request.
In addition to the 2.7% salary increase the bill allows for military personnel, the Senate version is chock-full of new authorizations and requirements for DOD IT, artificial intelligence, and cybersecurity. Committee Chairman, Senator Jack Reed, DR.I., said the bill “prioritizes efforts to strengthen our cyber defenses, improve preparedness, and accelerate research and development of advanced technologies. “.
Highlights on the cybersecurity front include the authorization of an additional $ 286.4 million in cybersecurity spending to be used across DOD and the requirement that the ministry develop “a joint zero trust strategy and one. model architecture for the information network of the Ministry of Defense ”.
The DOD CIO would work with the commander of the Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN) to publish this plan, and each of the military services and components of the DOD would be required to develop “detailed implementation plans.” “.
“The committee remains concerned with the slow adoption by the Department of zero trust principles and supports efforts to engender a department-wide cybersecurity paradigm shift towards the adoption of critical elements of an architecture.” zero trust, including identity, credential and access management; segmentation of macro and micro networks; least privilege access controls; and endpoint cybersecurity, ”says a report on the bill.
The bill also calls on DOD IT managers to develop a data management strategy within 180 days of enactment to support offensive and defensive cyber operations. The strategy would encapsulate “data acquired from the intelligence and counterintelligence components of DOD, including the National Security Agency and the US Cyber Command (CYBERCOM), as well as the DOD cybersecurity service providers, information on cyber threats from industry and other government agencies; and data collected from comprehensive data. collection within the DOD information network (DODIN), ”says the report.
Finally, the bill, if passed, would require the Secretary of Defense to submit a report on Cyber Maturity Model (CMMC) certification program plans by January 15, 2022. This report would include any programmatic changes resulting from the recent internal review of the CMMC program DOD, the strategy for instituting a rule on the program, any budget or resource requirements, and a plan to communicate changes with industry.
The CMMC measure would also require “plans to ensure that those seeking a contract with the Defense Ministry for the first time are not required to spend funds to acquire cybersecurity capabilities and certification required to perform a contract as a condition. prior to the call for tenders on such a contract. without reimbursement in the event that these individuals do not receive a contract award.
If passed, NDAA 2022 would authorize an increase of over $ 1 billion to fund “cutting-edge research and prototyping … in critical areas such as artificial intelligence, microelectronics, advanced materials, etc. 5G and biotechnology, ”says the bill’s report.
It would also implement a number of recommendations made by the National Security Commission on AI in its final report, such as requiring “the establishment of performance targets and accompanying measures for the incorporation of the AI and digital readiness in the platforms, processes and operations of the Department of Defense. . “
The committee notes that the final report of the National Security Commission for Artificial Intelligence highlights the establishment of performance targets for AI and digital readiness as an important step in achieving a state of readiness for the Military AI by 2025, “the report said.
At the same time, he could ask heads of military services to conduct skills gap assessments “in the areas of software development, software engineering, knowledge management, data science and technology. ‘IA “.
The bill also calls on the Joint AI Center to change its Joint Common Foundation (JCF) program – a coding platform aimed at helping military users create their own artificial intelligence models. With the change, the Senate intends to make DOD components “easy to contract with leading artificial intelligence (AI) trading companies to support the rapid and efficient development and deployment of applications.” and capacities ”.
While the Senate committee sprinkled general IT requirements and powers into its bill, some more important measures stood out.
On the cloud front, the committee wants to accelerate the migration of the Fourth Estate to the cloud via milCloud 2.0. The authors acknowledge in the report “that previously scheduled cloud migration efforts at some fourth state agencies have been repeatedly delayed by funding shortfalls, including deficits created by the redefining of fund priorities for funding. ‘immediate improvements in telecommuting information technology linked to COVID-19’.
Thus, they recommend a budget increase of $ 42 million for the Defense Systems Information Agency to lead the milCloud migration of the Fourth Estate.
Additionally, the bill calls on Space Force technology leaders, in conjunction with the DOD CIO, to brief Congress by October 1 on how the Space Force will leverage cloud computing for its programs and systems.
“The committee believes that the use of commercial cloud services for military space programs deserves further study and, where appropriate, rapid adoption,” the report said.
As the DOD seeks to embrace emerging technologies, Congress wants to ensure it has the flexible authorities and competent leadership to do so.
As such, it recommends an assessment of any barriers to the acquisition of commercial technologies by the DOD and a pilot project to “develop and implement single procurement mechanisms for emerging technologies that seek to increase speed. , flexibility and competition from the Department of Defense (DOD) procurement process.
“DOD leaders consistently stress the critical importance in today’s major power competition of rapidly capitalizing on commercial technological advancements in areas such as artificial intelligence and machine learning, cloud computing, business services. ‘cloud-based business and software products and services,’ says Bill’s report. said. “However, the committee is concerned that too often DOD components choose to contract for the development of custom solutions when mature business capabilities exist that will save time and money and deliver better performance. “
And to improve leaders’ understanding of these technologies, Congress wants the DOD to develop an executive training program on emerging technologies for senior civilian and military leaders.
Once the Senate and House versions of the NDAA have been passed in their respective bodies, they will come together to create a final bill for the president’s approval.
-In this story-
artificial intelligence (AI), Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Department of Defense (DOD), Jack Reed, Jim Inhofe, Joint Artificial Intelligence Center (JAIC), milCloud 2.0, NDAA, Senate, Senate Armed Forces Committee