Lawmakers advance cyber legislation
- By Lauren Williams, Chris Riotta
- Jul 27, 2021
In its version of the 2022 defense authorization bill, the Senate Armed Services Committee called for more cyber authorities and domestic production of critical materials.
The committee's bill includes a $268.4 million increase to the $10 billion budget request to support the Defense Department's cybersecurity efforts. It also requires DOD to assess its policy and capabilities needed to defend against ransomware attacks and directs the defense secretary to develop a pilot program focusing on the viability of teaming with "internet ecosystem companies to discover and disrupt the use of their platforms, systems, services, and infrastructure by malicious cyber actors," according to an executive summary of the bill.
Under the bill, the comptroller would be directed to assess the department's information and communications technology supply chain risks with a special focus on operational security standards for buying microelectronic products and services. It also requires the secretary to submit a report on DOD's plans for the Cybersecurity Maturity Model Certification Program.
On the microelectronics front, the committee’s bill mandates the creation of the research network originally called for in the Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Act introduced in 2020 and that the Senate passed in June. The bill would also require defense contractors to disclose sources of printed circuit boards used in some systems.
In the House, lawmakers praised a suite of cybersecurity bills that advanced out of committee. The "urgently needed legislation" is meant to address vulnerabilities in networks and supply chains, while educating Americans on cybersecurity best practices.
The House Energy and Commerce Committee advanced eight bipartisan bills that focus in part on the cybersecurity of mobile service networks and prohibit equipment authorization for Chinese state-backed companies like Huawei and ZTE.
The Understanding Cybersecurity of Mobile Networks Act calls for a congressional report, conducted in consultation with the Department of Homeland Security, on cybersecurity of mobile services, examining the susceptibility of those networks and mobile devices to surveillance or attacks.
Another measure, titled the Secure Equipment Act of 2021, prohibits equipment authorization for firms whose products are included in the Federal Communications Commission’s list of covered communications equipment or services that pose a national security threat. That bill, introduced by Rep. Steve Scalise (R-La.) and Rep. Anna Eshoo (D-Calif.), included specific measures to ensure the rules were not applied retroactively.
The bills would also reform ongoing cyber initiatives within the FCC and National Telecommunications and Information Administration (NTIA) while codifying existing advisory councils, as well as develop a whole-of-government approach to ensuring competitiveness among U.S. trusted vendors.
While some of the bills focused on the more technical aspects of cybersecurity, like the Future Uses of Technology Upholding Reliable and Enhanced (FUTURE) Networks Act, which orders the FCC to establish a 6G Task Force, others featured more aspirational goals to inform the public on improving cyber posture.
A bill introduced by several Democratic and Republican committee members, titled the American Cybersecurity Literacy Act, calls on NTIA to launch an educational campaign for U.S. citizens around cybersecurity risks and best practices.
The entire suite of legislation received significant bipartisan support from committee members like Rep. Cathy McMorris Rodgers (R-Wash.), who said during a markup hearing on Wednesday: "Today is a good example of what we can accomplish when we work together."
This article combines two stories that were first posted on FCW, a sibling site to Defense Systems.
Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.