US Congress House side Shutterstock photo ID: 156615524 By mdgn editorial use only

IT Infrastructure

House puts NBIB shift under scrutiny in draft defense bill

House Democrats get to put their stamp on the annual bill authorizing defense programs for the first time in a long time.The first look at the House 2020 defense bill released June 3 comes from the Emerging Threats and Capabilities subcommittee and puts more oversight on the National Background Investigations Bureau’s move from the Office of Personnel Management to the Defense Department.

A House Armed Services Committee staffer told reporters during a media briefing June 3 that "saying there’s a transfer is different than how that all plays out in practice." The committee’s primary concerns are protecting civil liberties, such as privacy, and separating security and intelligence functions as the NBIB shifts to the Defense Security Service (soon to be the Defense Counterintelligence and Security Agency).

The draft of the subcommittee's legislation also emphasizes tightening cybersecurity of weapons and industrial control systems.

Multiple watchdog and internal reports found that DOD's weapons and other mission systems were riddled with cyber vulnerabilities. The committee hopes to remedy that by mandating evaluations of cyber vulnerabilities of each major weapon system by December 31 and requiring notification and justification for not meeting the deadline. The defense undersecretary for acquisition and sustainment would also have to report on mitigation efforts.

Additionally, DOD may have to be more accountable when it comes to endpoint security. The Committee noted in its draft direct reporting language that DOD "still lags the private sector in accounting for endpoints connected to the Department of Defense Information Network."

As a result, the committee directs the DOD CIO to submit a report by Feb. 1, 2020 on the implementation plan with a detailed assessment on progress made, challenges encountered when trying to account for endpoints connected to the DODIN, and an overview of how "comply-to-connect" and "continuous monitoring" relate to the overall cybersecurity strategy.

The draft bill mandates DOD submit a comprehensive report on the Defense Industrial Base’s cybersecurity efforts to defense committees by May 1, 2020.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.

Defense Systems Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.