House defense policy bill would establish collaborative federal-industry agenda

The House version of the annual defense policy bill would create a new effort for federal agencies and private industry to share digital threat data to potentially get ahead of hacks.

The proposal to create the “Cyber ​​Threat Environment Collaboration Program” was included in the chairman’s mark of the House Armed Services Committee’s annual defense authorization bill that was made public on Monday.

Panel members are expected to spend all of Wednesday scoring the measure, which details $802.4 billion in defense spending next year. The full House could vote on the legislation as early as next month.

The new program would direct the heads of the Departments of Homeland Security and Defense, as well as the Director of National Intelligence and the Director of the National Security Agency, to “develop a collaborative information environment that enables entities to identify, mitigate and prevent malicious cybercriminals”. activity.

“The collaborative environment would provide limited access to operationally relevant data on cybersecurity risks and cybersecurity threats, including malware forensics and network sensor program data, on a platform that allows for querying and analysis,” the bill says.

The program was originally recommended by the Cyberspace Solarium Commission of Congress – and dubbed “the Joint Collaborative Environment” – with the goal of improving information sharing between federal agencies and private companies.

The Senate Armed Services Committee approved its draft policy roadmap last week in a closed meeting. A summary of the massive bill does not mention the creation of the new collaboration program.

The president’s mark also included language that would compel the secretary of defense to establish a consortium of military and educational institutions to help with cybersecurity education and information sharing.

The network would be headed by the president of the National Defense University and made up of groups such as professional military education schools, service schools and academies, and other institutions of higher learning.

The bill would also grant the DoD’s top cyber adviser the authority to certify a portion of the Pentagon’s cyberspace activities budget — for which the Biden administration has requested $11.2 billion in the next fiscal year — and require the head of U.S. Cyber ​​Command to submit an annual report on the adequacy of support for cyberspace operations by the military services.

Earlier this month, the Cyber ​​subgroup of the House Armed Services Committee annotated its portion of the defense policy bill.

Panel members unanimously endorsed the legislation, which called for an independent assessment of the Pentagon’s chief information officer’s office, including its staffing levels, and a review of underperforming military computer software and systems. .

Martin is a senior cybersecurity reporter for The Record. He has spent the past five years at Politico, where he covered Congress, the Pentagon and the US intelligence community and was a driving force behind the publication’s cybersecurity newsletter.

Ryan H. Bowman