Sec. 953. STRATEGY TO ACQUIRE CAPABILITIES TO DETECT PREVIOUSLY UNKNOWN CYBER ATTACKS
## SEC. 953. STRATEGY TO ACQUIRE CAPABILITIES TO DETECT PREVIOUSLY UNKNOWN CYBER ATTACKS [[10 U.S.C. 2224 note](/us/usc/t10/s2224)]

### (a) In General

The Secretary of Defense shall develop and implement a plan to augment the cybersecurity strategy of the Department of Defense through the acquisition of advanced capabilities to discover and isolate penetrations and attacks that were previously unknown and for which signatures have not been developed for incorporation into computer intrusion detection and prevention systems and anti-virus software systems.

### (b) Capabilities

#### (1) Nature of capabilities

The capabilities to be acquired under the plan required by subsection (a) shall—

(A) be adequate to enable well-trained analysts to discover the sophisticated attacks conducted by nation-state adversaries that are categorized as “advanced persistent threats”;

(B) be appropriate for—

(i) endpoints or hosts;

(ii) network-level gateways operated by the Defense Information Systems Agency where the Department of Defense network connects to the public Internet; and

(iii) global networks owned and operated by private sector Tier 1 Internet Service Providers;

(C) at the endpoints or hosts, add new discovery capabilities to the Host-Based Security System of the Department, including capabilities such as—

(i) automatic blocking of unauthorized software programs and accepting approved and vetted programs;

(ii) constant monitoring of all key computer attributes, settings, and operations (such as registry keys, operations running in memory, security settings, memory tables, event logs, and files); and

(iii) automatic baselining and remediation of altered computer settings and files;

(D) at the network-level gateways and internal network peering points, include the sustainment and enhancement of a system that is based on full-packet capture, session reconstruction, extended storage, and advanced analytic tools, by—

(i) increasing the number and skill level of the analysts assigned to query stored data, whether by contracting for security services, hiring and training Government personnel, or both; and

(ii) increasing the capacity of the system to handle the rates for data flow through the gateways and the storage requirements specified by the United States Cyber Command; and

(E) include the behavior-based threat detection capabilities of Tier 1 Internet Service Providers and other companies that operate on the global Internet.

#### (2) Source of capabilities

The capabilities to be acquired shall, to the maximum extent practicable, be acquired from commercial sources. In making decisions on the procurement of such capabilities from among competing commercial and Government providers, the Secretary shall take into consideration the needs of other departments and agencies of the Federal Government, State and local governments, and critical infrastructure owned and operated by the private sector for unclassified, affordable, and sustainable commercial solutions.

### (c) Integration and Management of Discovery Capabilities

The plan required by subsection (a) shall include mechanisms for improving the standardization, organization, and management of the security information and event management systems that are widely deployed across the Department of Defense to improve the ability of United States Cyber Command to understand and control the status and condition of Department networks, including mechanisms to ensure that the security information and event management systems of the Department receive and correlate data collected and analyses conducted at the host or endpoint, at the network gateways, and by Internet Service Providers in order to discover new attacks reliably and rapidly.

### (d) Provision for Capability Demonstrations

The plan required by subsection (a) shall provide for the conduct of demonstrations, pilot projects, and other tests on cyber test ranges and operational networks in order to determine and verify that the capabilities to be acquired pursuant to the plan are effective, practical, and affordable.

### (e) Report

Not later than April 1, 2012, the Secretary shall submit to the congressional defense committees a report on the plan required by subsection (a). The report shall set forth the plan and include a comprehensive description of the actions being undertaken by the Department to implement the plan.