The House Armed Services Committee draft version of the fiscal year 2020 National Defense Authorization Act (NDAA), released June 3, includes multiple provisions that would increase congressional oversight over multiple Defense Department (DoD) technology initiatives.
The summary of the bill, released by the Subcommittee on Intelligence and Emerging Threats and Capabilities, notes that Congress seeks a biannual report on the Joint Artificial Intelligence Center (JAIC), with details on staffing, investment priorities, and how JAIC is working with partners.
“The committee will ensure that the Department approaches issues involving AI, such as workforce development and ethical use, in a substantive and comprehensive manner,” the summary states.
The bill also increases oversight of US Cyber Command, requiring the military to report more frequently on offensive cyber operations and calling for an annual report on cyberspace operations.
“The Department’s definition of and threshold for sensitive military cyber operations notifications is not aligned with the intent of the committee. As military cyber operations increase in frequency and scope, the committee expects to be continually notified and kept fully and currently informed, in order to conduct oversight,” the summary states.
Additionally, the NDAA would require DoD to create strategies on software and 5G, issue an annual report on the Joint Military Information Support Operations Web Operations Center, and update policies on emerging technologies every six months.
With recent concerns on supply chain security, the bill also puts an emphasis on acquisition as well, directing DoD to pilot approaches to automated testing of software.
Furthermore, the draft bill would mandate a report on the synchronization of efforts between different military agencies in creating cybersecurity requirements for the Defense Industrial Base.
“The committee recognizes the Department’s efforts to address the protection of Department information held outside of government networks … However, the committee is concerned that these efforts are not coordinated or deconflicted. The committee is also concerned by the sense of confusion generated by either varying or contradictory regulatory requirements around cybersecurity,” the summary states.