Lawmakers advance cyber legislation

In its version of the 2022 defense authorization bill, the Senate Armed Services Committee called for more cyber authorities and domestic production of critical materials.

The committee's bill includes a $268.4 million increase to the $10 billion budget request to support the Defense Department's cybersecurity efforts. It also requires DOD to assess its policy and capabilities needed to defend against ransomware attacks and directs the defense secretary to develop a pilot program focusing on the viability of teaming with "internet ecosystem companies to discover and disrupt the use of their platforms, systems, services, and infrastructure by malicious cyber actors," according to an executive summary of the bill.

Under the bill, the comptroller would be directed to assess the department's information and communications technology supply chain risks with a special focus on operational security standards for buying microelectronic products and services. It also requires the secretary to submit a report on DOD's plans for the Cybersecurity Maturity Model Certification Program.

On the microelectronics front, the committee’s bill mandates the creation of the research network originally called for in the Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Act introduced in 2020 and that the Senate passed in June. The bill would also require defense contractors to disclose sources of printed circuit boards used in some systems.

In the House, lawmakers praised a suite of cybersecurity bills that advanced out of committee. The "urgently needed legislation" is meant to address vulnerabilities in networks and supply chains, while educating Americans on cybersecurity best practices.

The House Energy and Commerce Committee advanced eight bipartisan bills that focus in part on the cybersecurity of mobile service networks and prohibit equipment authorization for Chinese state-backed companies like Huawei and ZTE.

The Understanding Cybersecurity of Mobile Networks Act calls for a congressional report, conducted in consultation with the Department of Homeland Security, on cybersecurity of mobile services, examining the susceptibility of those networks and mobile devices to surveillance or attacks.

Another measure, titled the Secure Equipment Act of 2021, prohibits equipment authorization for firms whose products are included in the Federal Communications Commission’s list of covered communications equipment or services that pose a national security threat. That bill, introduced by Rep. Steve Scalise (R-La.) and Rep. Anna Eshoo (D-Calif.), included specific measures to ensure the rules were not applied retroactively.

The bills would also reform ongoing cyber initiatives within the FCC and National Telecommunications and Information Administration (NTIA)  while codifying existing advisory councils, as well as develop a whole-of-government approach to ensuring competitiveness among U.S. trusted vendors.

While some of the bills focused on the more technical aspects of cybersecurity, like the Future Uses of Technology Upholding Reliable and Enhanced (FUTURE) Networks Act, which orders the FCC to establish a 6G Task Force, others featured more aspirational goals to inform the public on improving cyber posture.

A bill introduced by several Democratic and Republican committee members, titled the American Cybersecurity Literacy Act, calls on NTIA to launch an educational campaign for U.S. citizens around cybersecurity risks and best practices.

The entire suite of legislation received significant bipartisan support from committee members like Rep. Cathy McMorris Rodgers (R-Wash.), who said during a markup hearing on Wednesday: "Today is a good example of what we can accomplish when we work together."

This article combines two stories that were first posted on FCW, a sibling site to Defense Systems.