Sec. 1630. Modification of requirements relating to the Strategic Cybersecurity Program and the evaluation of cyber vulnerabilities of major weapon systems of the Department of Defense
737 words·~3 min read·
/bill/116/s/4049/rs/section-1630·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 1647 of the National Defense Authorization Act for Fiscal Year 2016 ( Public Law 114–92 ), as amended by section 1633 of the National Defense Authorization Act for Fiscal Year 2020 ( Public Law 116–92 ), is further amended by adding at the end the following new subsection: The Secretary of Defense shall establish policies and requirements for each major weapon system, and the priority critical infrastructure essential to the proper functioning of major weapon systems in broader mission areas, to be re-assessed for cyber vulnerabilities, taking into account upgrades or other modifications to systems and changes in the threat.
Each secretary of a military department shall identify a senior official who shall be responsible for ensuring that cyber vulnerability assessments and mitigations for weapon systems and critical infrastructure are planned, funded, and carried out. . Such section 1647 of the National Defense Authorization Act for Fiscal Year 2016 is further amended— by redesignating subsection
(g)as subsection (h); and by redesignating the second subsection (f), as added by section 1633 of the National Defense Authorization Act for Fiscal Year 2020, as subsection (g). Section 1640 of the National Defense Authorization Act for Fiscal Year 2018 ( Public Law 115–91 ; 10 U.S.C. 2224 note), is amended by striking subsections
(a)through
(e)and inserting the following new subsections: Not later than August 1, 2021, the Secretary of Defense shall, acting through the Director of the National Security Agency and in coordination with the Vice Chairman of the Joint Chiefs of Staff, establish a program to be known as the Strategic Cybersecurity Program (in this section referred to as the Program ). The Program shall be comprised of personnel assigned to the Program by the Secretary from among personnel, including regular and reserve members of the Armed Forces, civilian employees of the Department of Defense (including the Defense intelligence agencies), and personnel of the research laboratories of the Department of Defense and the Department of Energy, who have particular expertise in the areas of responsibility described in subsection (c). Any personnel assigned to the Program from among personnel of the Department of Energy shall be so assigned with the concurrence of the Secretary of Energy. The Secretary of Defense shall designate a manager for the Program (in this section referred to as the Program manager ). The Program manager and the personnel assigned to the Program shall improve the end-to-end cybersecurity of all of the systems, critical infrastructure, kill chains, and processes that make up the following military missions of the Department of Defense: Nuclear deterrence and strike. Select long-range conventional strike missions germane to the warfighting plans of United States European Command and United States Indo-Pacific Command. Offensive cyber operations. Homeland missile defense. In carrying out the activities described in paragraph (1), the Program manager shall conduct end-to-end vulnerability assessments and undertake or oversee remediation of identified vulnerabilities in the systems and processes on which the successful execution of the missions delineated in paragraph
(1)depend. In carrying out paragraph (1), the Program manager shall conduct appropriate reviews of acquisition and systems engineering plans for proposed systems and infrastructure. The review of an acquisition plan for any proposed system or infrastructure shall be carried out before Milestone B approval for such system or infrastructure. The Secretary shall ensure that the Program builds upon, and does not duplicate, other efforts of the Department of Defense relating to cybersecurity, including the following: The evaluation of cyber vulnerabilities of major weapon systems of the Department of Defense required under section 1647 of the National Defense Authorization Act for Fiscal Year 2016 ( Public Law 114–92 ). The evaluation of cyber vulnerabilities of Department of Defense critical infrastructure required under section 1650 of the National Defense Authorization Act for Fiscal year 2017 ( Public Law 114–328 ; 10 U.S.C. 2224 note). The activities of the cyber protection teams of the Department of Defense. The Vice Chairman of the Joint Chiefs of Staff shall coordinate with the Director of the National Security Agency and the commanders of the unified combatant commands to define the elements of the missions that will be included in the Program, and shall be responsible for updating those definitions as necessary. Not later than December 1, 2021, the Secretary of Defense shall provide a briefing to the congressional defense committees on the establishment of the Program, and the plans, funding, and staffing of the Program. .
Connectionstraces to 5
Traces to 5 documents
public-private-law
Citation graph
cites case law
Sec. 1630
Modification of requirements relating to the Strategic Cybersecurity Program and the evaluation of cyber vulnerabilities of major weapon systems of the Department of Defense
Cites 5Cited by 0 across 0 sources