Lawmakers are expressing confidence that this year’s defense policy bill will include a measure requiring that the defense committees be notified within 48 hours of a sensitive military cyber operation.
The measure is intended to boost congressional oversight of the Pentagon’s sensitive cyber operations.
Reps. Elise Stefanik (R-N.Y.) and Jim Langevin (D-R.I.), who lead the House Armed Services Subcommittee on Emerging Threats and Capabilities, voiced confidence Tuesday that the provision would make the final version of the 2018 National Defense Authorization Act (NDAA).
“The Congress has an obligation to do proper oversight over Pentagon operations and all aspects of what our warfighters are doing,” Langevin said. “This is a new area that hadn’t been addressed. Clearly, modern warfare has forever changed.”
“This is good governance and part of the process as our cyber capabilities are maturing,” Stefanik said. “This would be similar to the notification Congress receives for counterterrorism efforts.”
Langevin and Stefanik along with Reps. Mac Thornberry (R-Texas) and Adam SmithDavid (Adam) Adam SmithOvernight Defense & National Security — Presented by AM General — The Quad confab The Hill's Morning Report - Presented by Alibaba - Democrats argue price before policy amid scramble House passes sweeping defense policy bill MORE (D-Wash.), the leaders of the House Armed Services Committee, have been pressing the issue since earlier this year. They introduced standalone legislation requiring the secretary of Defense to notify congressional defense committees within 48 hours of sensitive military cyber operations.
The measure will be considered on Wednesday, when the full House committee is scheduled to mark up the NDAA — a debate that often becomes heated over contentious provisions and is likely to stretch into the early hours of Thursday. The Senate began debating its own version of the bill behind closed doors this week.
The measure, which would also require the Pentagon to notify Congress of the development of offensive cyber weapons, was one of several cyber-related provisions included in the subcommittee’s mark of the NDAA released last week.
“I look forward to having this included in the final FY18 NDAA we are marking up tomorrow,” Stefanik said.
The subcommittee’s measure also includes language aimed at increasing cyber cooperation between the United States and its allies in the Indo-Asia-Pacific region, modeled after a bill introduced by Thornberry earlier this year.
The subcommittee mark also authorizes funding for a Pentagon cyber scholarship program that was phased out in 2013 due to sequestration.
Langevin underscored the need for continued focus on the Pentagon’s efforts to train, recruit and retain cyber personnel — a task that is made difficult by steep salaries offered in the private sector.
“I think the training is always going to be key, both training and recruitment, making sure we have the right personnel that are properly trained,” Langevin said. “They’re on track right now and I have confidence in that, but it’s an ongoing effort.”
Thornberry late Monday unveiled the House version of the NDAA, which would authorize more than $696 billion in defense spending for the next fiscal year — nearly $30 billion more than the number requested by President Trump.
The measure would allot $8 billion for the Pentagon’s cyber operations, including a 16 percent boost in funding for the U.S. Cyber Command that meets the Pentagon’s request for $647 million for the military unit.
It is murky where the Senate stands on the cyber notification issue, though Langevin expressed high hopes that it would enjoy broad support in the Senate as well.
“[I] would not hesitate to get on the phone with Sen. [Jack] Reed, who is my counterpart from Rhode Island, if I thought there was going to be a problem or an issue to share my perspective and encourage him to support this,” Langevin added.