§ 499. Annual assessment of cyber resiliency of nuclear command and control system
1,743 words·~8 min read·
/usc/title-10/section-499A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
(a)In General.— Not less frequently than annually, the Commander of the United States Strategic Command and the Commander of the United States Cyber Command (in this section referred to collectively as the “Commanders”) shall jointly conduct an assessment of the cyber resiliency of the nuclear command and control system.
(b)Elements.— In conducting the assessment required by subsection (a), the Commanders shall—
(1)conduct an assessment of the sufficiency and resiliency of the nuclear command and control system to operate through a cyber attack from the Russian Federation, the People’s Republic of China, or any other country or entity the Commanders identify as a potential threat; and
(2)develop recommendations for mitigating any concerns of the Commanders resulting from the assessment.
(c)Reports Required.—
(1)For each assessment conducted under subsection (a), the Commanders shall jointly submit to the Chairman of the Joint Chiefs of Staff, for submission to the Council on Oversight of the National Leadership Command, Control, and Communications System established under section 171a of this title, a report on the assessment that includes the following:
(A)The recommendations developed under subsection (b)(2).
(B)A statement of the degree of confidence of each of the Commanders in the mission assurance of the nuclear deterrent against a top tier cyber threat.
(C)A detailed description of the approach used to conduct the assessment required by subsection
(a)and the technical basis of conclusions reached in conducting that assessment.
(D)Any other comments of the Commanders.
(2)The Council shall submit to the Secretary of Defense each report required by paragraph
(1)and any comments of the Council on each report.
(3)Not later than 90 days after the date of the submission of a report under paragraph (1), the Secretary of Defense shall submit to the congressional defense committees the report, any comments of the Council on the report under paragraph (2), and any comments of the Secretary on the report.
(d)Quarterly Briefings.—
(1)Not less than once every quarter, the Deputy Secretary of Defense and the Vice Chairman of the Joint Chiefs of Staff shall jointly provide to the Committees on Armed Services of the House of Representatives and the Senate—
(A)a briefing on any intrusion or anomaly in the nuclear command, control, and communications system that was identified during the previous quarter, including—
(i)an assessment of any known, suspected, or potential impacts of such intrusions and anomalies to the mission effectiveness of military capabilities as of the date of the briefing; and
(ii)with respect to cyber intrusions of contractor networks known or suspected to have resulted in the loss or compromise of design information regarding the nuclear command, control, and communications system; or
(B)if no such intrusion or anomaly occurred with respect to the quarter to be covered by that briefing, a notification of such lack of intrusions and anomalies.
(2)In this subsection:
(A)The term “anomaly” means a malicious, suspicious or abnormal cyber incident that potentially threatens the national security or interests of the United States, or that is likely to result in demonstrable harm to the national security of the United States.
(B)The term “intrusion” means an unauthorized and malicious cyber incident that compromises a nuclear command, control, and communications system by breaking the security of such a system or causing it to enter into an insecure state.
(e)Termination.— The requirements of this section shall terminate on December 31, 2032.
(Added Pub. L. 115–91, div. A, title XVI, § 1651(a), Dec. 12, 2017, 131 Stat. 1756; amended Pub. L. 117–81, div. A, title XV, § 1534, Dec. 27, 2021, 135 Stat. 2054; Pub. L. 117–263, div. A, title XVI, § 1636(a), (b), Dec. 23, 2022, 136 Stat. 2940.)
Connections11 cite this · traces to 10
Cited by 11 sections
public-private-law
statutes-at-large
- Public Law 579
- Public Law 118–31To authorize appropriations for fiscal year 2024 for military activities of the Department of Defense and for military construction, and for defense activities of the Department of Energy, to prescribe military personnel strengths for such fiscal year, and for other purposes
- Public Law 115–91To authorize appropriations for fiscal year 2018 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to prescribe military personnel strengths for such fiscal year, and for other purposes
- Public Law 116–283To authorize appropriations for fiscal year 2021 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to prescribe military personnel strengths for such fiscal year, and for other purposes
Traces to 10 documents
U.S. Code
public-private-law
- National Defense Authorization Act for Fiscal Year 2018Public Law 115-91
- National Defense Authorization Act for Fiscal Year 2022Public Law 117-81
- James M. Inhofe National Defense Authorization Act for Fiscal Year 2023Public Law 117-263
- National Defense Authorization Act for Fiscal Year 2024Public Law 118-31
- National Defense Authorization Act for Fiscal Year 2017Public Law 114-328
- William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021Public Law 116-283
5 references not yet in our index
- 131 Stat. 1756
- 135 Stat. 2054
- 136 Stat. 2940
- 137 Stat. 542
- 134 Stat. 4140
Citation graph
cites case law
§ 499
Annual assessment of cyber resiliency of nuclear command and control system
Stat.×4
Pub. L.×3
Stat. Comp.×3
U.S.C.×1
Stat.131 Stat. 1756
Stat.135 Stat. 2054
Stat.136 Stat. 2940
Cites 15 · showing 12Cited by 11 across 4 sources