Sec. 1647. EVALUATION OF CYBER VULNERABILITIES OF MAJOR WEAPON SYSTEMS OF THE DEPARTMENT OF DEFENSE
## SEC. 1647 EVALUATION OF CYBER VULNERABILITIES OF MAJOR WEAPON SYSTEMS OF THE DEPARTMENT OF DEFENSE

### (a) Evaluation Required

#### (1) In general

The Secretary of Defense shall, in accordance with the plan under subsection (b), complete an evaluation of the cyber vulnerabilities of each major weapon system of the Department of Defense by not later than December 31, 2019.

#### (2) Exception

The Secretary may waive the requirement of paragraph (1) with respect to a weapon system or complete the evaluation of a weapon system required by such paragraph after the date specified in such paragraph if the Secretary certifies to the congressional defense committees before that date that all known cyber vulnerabilities in the weapon system have minimal consequences for the capability of the weapon system to meet operational requirements or otherwise satisfy mission requirements.

### (b) Plan for Evaluation

#### (1) In general

Not later than 180 days after the date of the enactment of this Act, the Secretary shall submit to the congressional defense committees the plan of the Secretary for the evaluations of major weapon systems under subsection (a), including an identification of each of the weapon systems to be evaluated and an estimate of the funding required to conduct the evaluations.

#### (2) Priority in evaluations

The plan under paragraph (1) shall accord a priority among evaluations based on the criticality of major weapon systems, as determined by the Chairman of the Joint Chiefs of Staff based on an assessment of employment of forces and threats.

#### (3) Integration with other efforts

The plan under paragraph (1) shall build upon existing efforts regarding the identification and mitigation of cyber vulnerabilities of major weapon systems, and shall not duplicate similar ongoing efforts such as Task Force Cyber Awakening of the Navy or Task Force Cyber Secure of the Air Force.

### (c) Tools and Solutions for Assessing and Mitigating Cyber Vulnerabilities

In addition to carrying out the evaluation of cyber vulnerabilities of major weapon systems of the Department under this section, the Secretary may—

(1) develop tools to improve the detection and evaluation of cyber vulnerabilities;

(2) conduct non-recurring engineering for the design of solutions to mitigate cyber vulnerabilities; and

(3) establish Department-wide information repositories to share findings relating to the evaluation and mitigation of cyber vulnerabilities.

### (d) Risk Mitigation Strategies

As part of the evaluation of cyber vulnerabilities of major weapon systems of the Department under this section, the Secretary shall develop strategies for mitigating the risks of cyber vulnerabilities identified in the course of such evaluations.

### (e) Authorization of Appropriations

Of the funds authorized to be appropriated by this Act or otherwise made available for fiscal year 2016 for research, development, test, and evaluation, Defense-wide, not more than $200,000,000 shall be available to the Secretary to conduct the evaluations under subsection (a)(1).

### (f) Written Notification

If the Secretary determines that the Department will not complete an evaluation of the cyber vulnerabilities of each major weapon system of the Department by the date specified in subsection (a)(1), the Secretary shall provide to the congressional defense committees written notification relating to each such incomplete evaluation. Such a written notification shall include the following:

(1) An identification of each major weapon system for which an evaluation will not be complete by the date specified in subsection (a)(1), the anticipated date of completion of the evaluation of each such weapon system, and a description of the remaining work to be done for the evaluation of each such weapon system.

(2) A justification for the inability to complete such an evaluation by the date specified in subsection (a)(1).

### (g) Report

The Secretary, acting through the Under Secretary of Defense for Acquisition and Sustainment, shall provide a report to the congressional defense committees upon completion of the requirement for an evaluation of the cyber vulnerabilities of each major weapon system of the Department under this section. Such report shall include the following:

(1) An identification of cyber vulnerabilities of each major weapon system requiring mitigation.

(2) An identification of current and planned efforts to address the cyber vulnerabilities of each major weapon system requiring mitigation, including efforts across the doctrine, organization, training, materiel, leadership and education, personnel, and facilities of the Department.

(3) A description of joint and common cyber vulnerability mitigation solutions and efforts, including solutions and efforts across the doctrine, organization, training, materiel, leadership and education, personnel, and facilities of the Department.

(4) A description of lessons learned and best practices regarding evaluations of the cyber vulnerabilities and cyber vulnerability mitigation efforts relating to major weapon systems, including an identification of useful tools and technologies for discovering and mitigating vulnerabilities, such as those specified in section 1657 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232), and steps taken to institutionalize the use of these tools and technologies.

(5) A description of efforts to share lessons learned and best practices regarding evaluations of the cyber vulnerabilities and cyber vulnerability mitigation efforts of major weapon systems across the Department.

(6) An identification of measures taken to institutionalize evaluations of cyber vulnerabilities of major weapon systems, including an identification of which major weapon systems evaluated under this section will be reevaluated in the future, when these evaluations will occur, and how evaluations will occur for future major weapon systems.

(7) Information relating to guidance, processes, procedures, or other activities established to mitigate or address the likelihood of cyber vulnerabilities of major weapon systems by incorporation of lessons learned in the research, development, test, evaluation, and acquisition cycle, including promotion of cyber education of the acquisition workforce.

(8) An identification of systems to be incorporated into or that have been incorporated into the National Security Agency’s Strategic Cybersecurity Program and the status of these systems in the Program.

(9) Any other matters the Secretary determines relevant.

### (h) Establishing Requirements for Periodicity of Vulnerability Reviews

The Secretary of Defense shall establish policies and requirements for each major weapon system, and the priority critical infrastructure essential to the proper functioning of major weapon systems in broader mission areas, to be re-assessed for cyber vulnerabilities, taking into account upgrades or other modifications to systems and changes in the threat landscape.

### (i) Identification of Senior Official

Each secretary of a military department shall identify a senior official who shall be responsible for ensuring that cyber vulnerability assessments and mitigations for weapon systems and critical infrastructure are planned, funded, and carried out.