Cyber Legislation's Unnoticed Rise
National cybersecurity legislation jumped a <a href="http://www.nextgov.com/nextgov/ng_20100528_3390.php?oref=topnews">major hurdle</a> Friday in the House, but went mostly unnoticed. This is what happens when a big story drops on a Friday afternoon right before a holiday weekend. The House <a href="http://armedservices.house.gov/apps/list/press/armedsvc_dem/SkeltonPR0528102.shtml">passed</a> the fiscal <a href="http://thomas.loc.gov/cgi-bin/bdquery/z?d111:H.R.5136:">2011 National Defense Authorization Act</a>, which included an amendment from Reps. Jim Langevin, D-R.I., and Diane Watson , D-Calif. to update information security requirements for agencies, and establish a separate cybersecurity office in the White House.
National cybersecurity legislation jumped a major hurdle Friday in the House, but went mostly unnoticed. This is what happens when a big story drops on a Friday afternoon right before a holiday weekend. The House passed the fiscal 2011 National Defense Authorization Act, which included an amendment from Reps. Jim Langevin, D-R.I., and Diane Watson , D-Calif. to update information security requirements for agencies, and establish a separate cybersecurity office in the White House.
According to a report from Nextgov, the amendment would mandate agency use of automated monitoring to assess cyber threats. I did a keyword search for "cyber" in the original text of the bill and returned this:
SEC. 1046. CYBERSECURITY STUDY AND REPORT.(a) Sense of Congress- It is the sense of Congress that--
(1) cybersecurity is one of the most serious national security challenges facing the United States; and
(2) it is critical that the Department of Defense develop technological solutions that ensure the security and freedom of action of the Department while operating in the cyber domain.
(b) Study- The Secretary of Defense shall conduct a study assessing--
(1) the current use of, and potential applications of, modeling and simulation tools to identify likely cybersecurity methodologies and vulnerabilities within the Department of Defense.
(2) the application of modeling and simulation technology to develop strategies and programs to deter hostile or malicious activity intended to compromise Department of Defense information systems.
(c) Report- Not later than January 1, 2012, the Secretary of Defense shall submit to the Committees on Armed Services of the House of Representatives and the Senate a report containing the results of the study conducted under subsection (b), including recommendations on possible options for increasing the use of simulation tools to further strengthen the cybersecurity environment of the Department of Defense.
(d) Form- The report required under subsection (c) shall be submitted in unclassified form, but may include a classified annex.
The text from the amendments is located here and here.
Including these amendments in the National Defense Authorization Act was, of course, brilliant political maneuvering. I don't need to tell anyone that with two wars in Iraq and Afghanistan, this was a bill almost assured of passage. The next step is a Senate bill, the details of which are still being worked out, sources say.