HR 4365 Introduced
FY 2024 DOD Spending
Back in June, Rep Calvert (R,CA) introduced HR 4365, the Department of Defense Appropriations Act, 2024. The House Appropriations Committee published their Report on the bill. There are no cybersecurity references in the bill, but the Report includes a number of discussions about cybersecurity issues. These discussions include:
Cybersecurity Risks from Commercial Information Technology (pg 16),
Air Force Cyber Mission Assurance (pg 79),
Improving Cybersecurity Posture (pg 88),
Civilian Cyber Workforce (pg 88),
Cyberspace Electro-Magnetic Activities (pg 201), and
National Centers of Academic Excellence in Cybersecurity (pg 258)
Commercial Cybersecurity Issues
The Report discusses (pgs 16-7) risks from cybersecurity vulnerabilities in commercial information technology products. The report directs DOD to prepare a report to Congress providing “an updated threat assessment of the risks posed using commercially available information technology, particularly relating to computers and printers from countries of concern and shall include an assessment of the scale of their use across all networks.” The report is required to “include recommendations and legislative proposals, as appropriate, to inform future efforts to mitigate these threats and vulnerabilities.”
Weapon Cybersecurity
The Report mentions (pg 79) the Air Force’s Cyber Operations for Base Resilient Architecture (COBRA) pilot program. “The Committee encourages the Secretary of the Air Force to expand the COBRA pilot program to other component commands as part of an overall mission assurance strategy.”
Zero Trust Architecture
The Report discusses (pgs 87-8) Thunderdome, the Defense Information System Agency’s (DISA) prototype and initial implementation of enterprise-wide zero trust architecture. The Committee notes that it expects continued operation of the existing including Comply-to-Connect (C2C) program pending necessary testing and certification of Thunderdome capabilities. The report mandates additional reporting on Thunderdome implementation as part of the FY 2025 budget process.
DNS Filtering
The Report discusses (pg 88) the importance of domain name system filtering and encourages DOD to “leverage the Department’s test and proving ground capabilities to evaluate leading industry capabilities, including automated internet protocol filtering, and deep packet inspection based on real-time data that can detect and mitigate potential exfiltration from compromised hardware.”
NCAE-C Spending
The Committee provided $25 million above the budget request to support the National Centers of Academic Excellence in Cybersecurity (NCAE–C) program. The Committee expects the added funds to be used for “grants to centers of academic excellence to promote cybersecurity workforce development initiatives, advanced cyber research, and K–12 pipelines.”
Rules Committee Action
Back on August 22nd, the House Rules Committee published a notice announcing an August 30th Deadline for amendments for HR 4365. This was the first amendment deadline of the summer recess, but the Committee has not yet announced a meeting date for the bill (two other spending bill meetings have been announced). To date 319 amendments have been proposed. Only two amendments submitted to date:
#97 – Lamborn (R,CO), would allow Defensive CYBER - Software PrototypeDevelopment, to develop fieldable AI-based Defensive Cyber Operations (DCO) to detect cyber intrusions and data manipulation utilizing the U.S. Army Garrison Defense Platform, and
#240 – Franklin (R,FL), would increase Navy RDT&E funding by $6.5 million for the Cyber Supply Chain Risk Management program.
Moving Forward
See my July post on spending bill issues. If anything, the problems outlined in that post have actually gotten more complicated with additional posturing by the Republican 11, and ‘less extreme’ Republicans like Rep Greene (R,GA).
With two other spending bills (HR 4367 - DHS and HR 4665 - State Dept) on the meeting schedule for next week, and one already approved for floor action (HR 4368, Agriculture, Rural Development, Food and Drug Administration, and Related Agencies), we will have a chance to see what kind of chance these bills actually have of getting to the floor in the House and then passed (maybe). Senate action (bipartisan substitute language) will be less problematic, but then the political histrionics will be focused on the conference committees. If/then there will be a final vote in the House to watch for.
I really expect an end-of-year omnibus bill.