Sec. 1504. Evaluation of Department of Defense cyber governance
654 words·~3 min read·
/bill/117/s/1605/eah/section-1504A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall complete an evaluation and review of the Department of Defense’s current cyber governance construct. The evaluation and review conducted pursuant to subsection
(a)shall— assess the performance of the Department of Defense in carrying out the pillars of the cyber strategy and lines of efforts established in the most recent cyber posture review, including— conducting military cyberspace operations of offensive, defensive, and protective natures; securely operating technologies associated with information networks, industrial control systems, operational technologies, weapon systems, and weapon platforms; and enabling, encouraging, and supporting the security of international, industrial, and academic partners; analyze and assess the current institutional constructs across the Office of the Secretary of Defense, Joint Staff, military services, and combatant commands involved with and responsible for the execution of and civilian oversight for the responsibilities specified in paragraph (1); analyze and assess the delineation of responsibilities within the current institutional construct within the Office of the Secretary of Defense for addressing the objectives of the 2018 Department of Defense Cyber Strategy and any superseding strategies, as well as identifying potential seams in responsibility; examine the Department’s policy, legislative, and regulatory regimes related to cyberspace and cybersecurity matters, including the 2018 Department of Defense Cyber Strategy and any superseding strategies, for sufficiency in carrying out the responsibilities specified in paragraph (1); examine the Office of the Secretary of Defense’s current alignment for the integration and coordination of cyberspace activities with other aspects of information operations, including information warfare and electromagnetic spectrum operations; examine the current roles and responsibilities of each Principal Staff Assistant to the Secretary of Defense as such relate to the responsibilities specified in paragraph (1), and identify redundancy, duplication, or matters requiring deconfliction or clarification; evaluate and, as appropriate, implement relevant managerial innovation from the private sector in the management of complex missions, including enhanced cross-functional teaming; evaluate the state of collaboration among each Principal Staff Assistant in matters related to acquisition of cyber capabilities and other enabling technologies supporting the responsibilities specified in paragraph (1); analyze and assess the Department’s performance in and posture for building and retaining the requisite workforce necessary to perform the responsibilities specified in paragraph (1); determine optimal governance structures related to the management and advancement of the Department’s cyber workforce, including those structures defined under and evaluated pursuant to section 1649 of the National Defense Authorization Act for Fiscal Year 2020 ( Public Law 116–92 ) and section 1726 of the National Defense Authorization Act for Fiscal Year 2021 ( Public Law 116–283 ); develop policy and legislative recommendations, as appropriate, to delineate and deconflict the roles and responsibilities of United States Cyber Command in defending and protecting the Department of Defense Information Network (DoDIN), with the responsibility of the Chief Information Officer, the Defense Information Systems Agency, and the military services to securely operate technologies described in paragraph (1)(B); develop policy and legislative recommendations to enhance the authority of the Chief Information Officers within the military services, specifically as such relates to executive and budgetary control over matters related to such services’ information technology security, acquisition, and value; develop policy and legislative recommendations, as appropriate, for optimizing the institutional constructs across the Office of the Secretary of Defense, Joint Staff, military services, and combatant commands involved with and responsible for the responsibilities specified in paragraph (1); and make recommendations for any legislation determined appropriate. Not later than 90 days after the commencement of the evaluation and review conducted pursuant to subsection
(a)and every 30 days thereafter, the Secretary of Defense shall brief the congressional defense committees on interim findings of such evaluation and review. Not later than 30 days after the completion of the evaluation and review conducted pursuant to subsection (a), the Secretary of Defense shall submit to the congressional defense committees a report on such evaluation and review.
Connectionstraces to 2
Citation graph
cites case law
Sec. 1504
Evaluation of Department of Defense cyber governance
Cites 2Cited by 0 across 0 sources