The Senate Armed Services Committee said on June 22 it completed its markup of the Fiscal Year (FY) 2022 National Defense Authorization Act (NDAA), which includes a $1 billion increase in funds for programs developing AI, microelectronics, advanced materials, 5G, and biotechnology.
The bill also features major to-do lists for DoD on broad areas of cybersecurity and emerging technologies, including items on defeating ransomware attacks, working closely to help the Cybersecurity and Infrastructure Security Agency (CISA), and undertaking zero trust security migrations similar to those called for in President Biden’s cybersecurity executive order for civilian agencies.
Overall, the FY22 defense funding measure carries a $777.9 billion national defense topline price tag, which includes $740.3 billion for the Department of Defense (DoD) and $27.7 billion for national security programs within the Department of Energy (DOE).
The committee – led by Chairman Jack Reed, D-R.I. and Ranking Member James Inhofe, R-Okla. – voted to advance the legislation which now heads to the Senate floor for consideration. A separate House version of the NDAA will be making its way through committee markups beginning July 28.
“This year’s markup provides our troops and Defense Department civilians with a well-deserved pay raise, as well as new tools and reforms to protect the health and well-being of our servicemen and women and their families,” said Sen. Reed in a press release. “It prioritizes programs and policies to strengthen our cyber defenses, improve readiness, and accelerate research and development of advanced technologies that will give our forces strategic advantages.”
Among other highlights, the NDAA bill includes a 2.7 percent pay increase for both military servicemembers and the DoD civilian workforce, and an increase of $500 million in funding for Defense Advanced Research Projects Agency’s (DARPA) high-risk, high-payoff research areas that include quantum computing and university research.
“After a lengthy but productive markup, I’m proud this year’s bipartisan National Defense Authorization Act increases the defense topline to the National Defense Strategy Commission’s recommendation of three to five percent real growth,” Sen. Inhofe said. “This is a big win for our national security and sends a strong message to both our allies and adversaries that America is prepared to stand up for ourselves and our friends.”
A summary of the bill provided by committee details numerous objectives for DoD’s work with cybersecurity and emerging technologies.
Across DoD, the NDAA bill authorizes an additional $264 million of spending on cybersecurity efforts.
It also places numerous requirements on DoD to address cybersecurity threats, including:
- Requiring an assessment of the current and emerging offensive cyber posture of adversaries and plans for U.S. offensive cyber operations during potential conflict.
- Requiring an assessment of DoD’s policy, capacity, and capability to defend the United States from ransomware attacks.
- Requiring the development a joint zero trust strategy and a model architecture for the Department of Defense Information Network and a data management strategy.
- Requiring a program to demonstrate and assess an automated security validation capability to assist the Department in cybersecurity efforts.
- Assessing the utility and cost-benefits of using capabilities to make risk-based vulnerability remediation decisions, identify key cyber terrain and assets, identify single-node mission dependencies, and monitor for changes in mission threat execution.
For U.S. Cyber Command, the bill:
- Requires the command to establish a voluntary process for engaging with the commercial information technology and cybersecurity companies to develop methods of coordination to protect against foreign malicious cyber actors.
- Encourages CYBERCOM Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) to explore further application of commercial off-the-shelf solutions across the command to address urgent intelligence and operations gaps.
- Requires an assessment of the current and emerging offensive cyber posture of adversaries of the United States and the plans of the military services for offensive cyber operations during potential conflict.
- Requires an assessment of the policy, capacity, and capabilities of DoD to defend the United States from ransomware attacks.
- Requires the Secretary of Defense to develop a pilot program to assess the feasibility and advisability of entering into voluntary public-private partnerships with Internet ecosystem companies to discover and disrupt the use of their platforms, systems, services, and infrastructure by malicious cyber actors.
- Directs DoD to conduct an assessment of the need to establish a cyberspace foundational and science and technical intelligence center; focus on wargaming activities and capabilities; and enhance operation models and simulations.
- Requires the Secretary of Defense to submit a report on the plans for the Cyber Maturity Model Certification Program.
- Strengthens the university cyber consortium of academic institutions that have been designed as Cyber Centers of Academic Excellence for cyber operations, cyber research, and cyber defense.
- Directs the establishment of a working group to review and propose updates to DoD and component acquisition policy and guidance on cybersecurity requirements for systems and weapon acquisitions and report on specific proposals for updating policy and guidance.
- Directs the Comptroller General to assess DoD’s efforts to address information and communications technology supply chain risks.
- Requires a report on ways DoD can improve support to the Cybersecurity and Infrastructure Security Agency to increase awareness of threats and vulnerabilities.
Emerging Tech Items
In addition to the increased DARPA funding and bigger investments for several classes of emerging technologies, the bill:
- Authorizes nearly $2.5 billion for defense university research programs of the military services and DARPA.
- Implements a number of recommendations from the National Security Commission on Artificial Intelligence, including accelerating processes to apply artificial intelligence capabilities to military systems, processes, and operations.
- Requires the Secretary of Defense to establish a set of activities to accelerate the development and deployment of a large-scale, dual-use quantum computing capability.
- Mandates the establishment of the microelectronics research network, originally established in the Creating Helpful Incentives to Produce Semiconductors for America Act (CHIPS Act).
- Strengthens the ability of the Department of Defense laboratories and DARPA to hire and retain world-class technical talent.
- Requires the Secretaries of the military departments to establish pilot programs for telecommunications infrastructure to facilitate the deployment of 5G wireless telecommunications on military installations, and submit regular reports to Congress.
- Directs the Comptroller General to conduct an assessment of the DOD trusted supply chain and operational security standards for the purchase of microelectronic products and services.