Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025 · Sec. 1504

Sec. 1504. SUPPORT FOR CYBER THREAT TABLETOP EXERCISE PROGRAM WITH THE DEFENSE INDUSTRIAL BASE

616 words·~3 min read·/statute-compilations/comps-18280/sec-1504

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1504 SUPPORT FOR CYBER THREAT TABLETOP EXERCISE PROGRAM WITH THE DEFENSE INDUSTRIAL BASE ###
(a)Development of Cyber Threat Tabletop Exercise Program ####
(1)In general Not later than one year after the date of the enactment of this Act, the Secretary of Defense, acting through the Assistant Secretary of Defense for Cyber Policy, shall establish a program (to be known as the “Cyber Threat Tabletop Exercise Program”) to prepare the Department of Defense and the defense industrial base for cyber attacks preceding or during times of conflict or wars through the use of tabletop exercises. ####
(2)Participation #####
(A)In general In carrying out the program, the Secretary of Defense, acting through the Assistant Secretary of Defense for Cyber Policy, shall consult and coordinate with the following: ######
(i)The Chief Information Officer of the Department of Defense. ######
(ii)The Under Secretary of Defense for Acquisition and Sustainment. ######
(iii)The Commander of the United States Cyber Command. ######
(iv)The Commander of the United States Northern Command. ######
(v)The Commander of the Army Interagency Training and Education Center. ######
(vi)The Director of the Defense Cyber Crime Center. ######
(vii)Such other individuals and entities as the Assistant Secretary of Defense for Cyber Policy determines appropriate. #####
(B)Solicitation The Assistant Secretary of Defense for Cyber Policy may solicit such individuals and entities in the Department of Defense and the defense industrial base as the Assistant Secretary determines appropriate to participate in the program. ####
(3)Cyber Threat Tabletop Exercise Program — #####
(A)In general The program shall consist of the following: ######
(i)A series of tabletop exercises that simulate cyber attack scenarios affecting the defense industrial base, which the Assistant Secretary of Defense for Cyber Policy shall carry out on a biannual basis beginning not later than one year after the date of the enactment of this Act until December 30, 2030, and in which the Department of Defense and entities in the defense industrial base shall participate. ######
(ii)A series of tabletop exercises for use by individual entities or collections of entities in the defense industrial base that simulate cyber attack scenarios affecting the defense industrial base and which are designed to test and improve the responses and plans of such entities to such scenarios. #####
(B)Tabletop exercise development ######
(i)In general The Assistant Secretary of Defense for Cyber Policy shall develop and update the tabletop exercises described in subparagraph (A). ######
(ii)Realistic attacks The Assistant Secretary of Defense for Cyber Policy shall ensure that the cyber attacks simulated by the tabletop exercises described in subparagraph
(A)are based on the cyber attack capabilities and activities of current and potential adversaries of the United States. ####
(4)Procedures for identification of vulnerabilities and lessons learned Not later than one year after the date of the enactment of this Act, the Assistant Secretary of Defense for Cyber Policy shall establish procedures to— #####
(A)identify vulnerabilities in the cybersecurity of the Department of Defense and the defense industrial base pursuant to the tabletop exercises carried out under the program; and #####
(B)identify other lessons learned that can improve national security or the quality of such tabletop exercises. ###
(b)Annual Report Not later than September 30, 2025, and annually thereafter until the October 1, 2029, the Secretary of Defense, acting through the Assistant Secretary of Defense for Cyber Policy, shall submit to the congressional defense committees a report describing the activities of the Department of Defense pursuant to this section during the preceding year. ###
(c)Program Defined In this section, the term “program” means the program established under subsection (a).
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.