Cyber and Big Data Provisions in the House FY 2018 National Defense Authorization Act

If you’ve been following legislative news recently you may have heard that the National Defense Authorization Act for Fiscal Year 2018 is slowly making its way through the House and Senate. On July 14, the House version of the bill (H.R. 2810), passed on a final vote of 344 to 81. The Senate Armed Services Committee released their version of the bill (S. 1519) to the full Senate on July 10. Both pieces of legislation will need to be reconciled before a final bill can be approved and sent to the president for signature, but that should not be a challenge as the NDAA seems to be the one bill that most people in Congress can agree upon. This said, the House NDAA version contains some interesting provisions that should be of interest to members of industry. Here are a few you should know about along with some commentary on their rationale and potential implications.

Cybersecurity/Warfare

• Sec. 1261 advises the DoD to invest in offensive and defensive cyber capabilities related to maritime operations in contested environments. Comment: The Navy has grown increasingly concerned about the ability of near-peer state actors to influence shipboard weapons, communications, and navigation systems. This provision is intended to address those concerns.
• Sec. 1271 allots $5M to fund the NATO Cooperative Cyber Defense Center of Excellence to strengthen cyber warfare capabilities within the alliance. Comment: Interoperability between allied systems remains a big roadblock to effective collaboration. Look for this work to address this issue.
• Sec. 1655 directs the Secretary of Defense to report on progress toward standing up an independent U.S. Cyber Command, specifically the metrics being used, challenges surrounding the transition, and the potential need for additional resources. Comment: An independent USCYBERCOM with acquisition authority will require industry support. The SECDEF’s report may clarify the potential for additional funding to go CYBERCOM’s way.
• Sec. 3131 requires the DoD to report on cyber threats to U.S. nuclear facilities and the steps being taken to mitigate those dangers.
• Sec 4101 boosts proposed FY 2018 funding for the following information security programs: Communications Security (+$22.8M, FY 2018 total - $130.6M), Defensive Cyber Operations (+$8M, FY 2018 total - $61.4M), and Worldwide Joint Strategic Communications (+$64M, FY 2018 total - $70.2M).

Big Data Analytics

• Sec. 815 advises the DoD to assess the possibility of making greater use of automated data analytics and modeling/simulation tools for developmental testing and evaluation. Comment: DoD already makes extensive use of modeling and simulation for its DevTest needs, so we’re unsure why this provision is necessary. Because it may be written into law, however, the DoD may fund even more analytics procurements, particularly those offered in secure, cloud-based vendor environments.
• Sec. 831 calls for the DoD to establish a common enterprise data structure to map and organize all defense business systems data to a common standard. Comment: This step is intended to improve transparency, but if fully implemented it could also facilitate the acquisition and use of a DoD-wide cloud-based system for storing and processing the data. 
• Sec. 1639 requires the National Geospatial Intelligence Agency to report on the potential of working with industry partners to leverage commercially-available artificial intelligence and automation capabilities for analyzing government geospatial intelligence data. Comment: A positive report from the Director of the NGA could result in the opening of a significant business opportunity for cleared vendors working with advanced AI capabilities.

Summing up, these House provisions will make it law for the DoD to grow its spending on some analytics, cybersecurity/warfare capabilities, and cloud-based systems. There is still the possibility that some of these provisions do not make it into the final version of the NDAA that gets sent to the White House, but as the provisions deal with technologies that are key to the DoD’s future operations it is likely that they will remain in place.