WASHINGTON — Senators crafting the annual defense policy bill proposed a raft of provisions to bolster oversight of the Defense Department’s information warfare enterprise including cyber, electromagnetic spectrum operations and information operations.
The Senate Armed Services Committee, which convenes yearly behind closed doors unlike its U.S. House counterpart, only provided a summary last week of its finalized version of the National Defense Authorization Act, which was heavy on new cyber provisions to try to improve authorities and capabilities. The proposal also would require several new reports to help the committee better understand the threat landscape.
Of note, the committee called for the commander of U.S. Cyber Command to establish a program, described as voluntary, to work with businesses to develop methods to protect against foreign malicious cyber actors.
Senators want the secretary of defense to develop a pilot program to assess the feasibility and advisability of a voluntary public-private partnership with internet companies to discover and disrupt the use of their platforms by malicious actors.
This follows several high-profile hacks and cyberattacks by nation-states and criminal groups that targeted commercial companies but still undermine security of the United States. Much of cyberspace is owned by the private sector, requiring greater partnership between the government and industry to protect America.
Moreover, with ransomware becoming a systemic problem, the Senate panel would like an assessment of the policy, capacity and capabilities of DoD to defend the nation from such attacks.
Within the defensive vein, the committee encouraged Joint Force Headquarters-DoD Information Networks, the operational arm of Cyber Command that secures, operates and defends the network, to explore further application of commercial off-the-shelf solutions to address what it calls urgent intelligence and operational gaps.
Other cyber provisions include the establishment of a civilian cyber reserve within Cyber Command. This was a key recommendation of the Cyberspace Solarium Commission’s report, which sought to chart a multipronged U.S. cyber strategy to prevent a so-called cyber 9/11. Last year’s defense policy law only charged DoD to study the creation of such a reserve.
The bill also would require another assessment of the current and emerging offensive cyber posture of adversaries, as well as plans by the U.S. military services for offensive cyber operations during a potential conflict.
On the information operations front, the Senate panel’s bill would the secretary of defense to conduct an assessment to determine the overall cyber and information operation civilian and military personnel education requirements to include an assessment of the feasibility of creating a national cyber academy.
With the emergence of so-called great power competition, adversaries have discovered the marriage of cyber operations and information operations to sow discord and erode U.S. security below the threshold of armed conflict, leading many outside experts to call for renewed training in these disciplines to both reestablish the dominance of the U.S. from the Cold War ear and modernize efforts for the 21st century internet age.
The undersecretary of defense for intelligence and security would need to develop a plan to more effectively fulfill the intelligence and information requirements of combatant commands to expose and counter foreign malign influence, coercion and subversion. The secretary of defense would have to submit a report on how the department is implementing the irregular warfare strategy within the 2019 annex that accompanied the 2018 National Defense Strategy.
The annex explains how the DoD will conduct operations in the so-called gray zone to contest adversary actions below the threshold of armed conflict, with a heavy emphasis on the information environment.
When it comes to electromagnetic spectrum operations, the summary’s only mention was a proposed requirement for the director of the Defense Intelligence Agency to provide an annual briefing on the electronic warfare threats posed to the military by Russia, China and “other relevant nations.”
Lawmakers eventually must reconcile the Senate’s bill with the House version, which is being drafted and marked up this week.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.